|
| 1 | +.. _foundational-secure-boot: |
| 2 | + |
1 | 3 | ********************************** |
2 | 4 | Secure Boot |
3 | 5 | ********************************** |
@@ -30,14 +32,14 @@ The following is an example list where Chain-of-Trust should be maintained. |
30 | 32 | - Disable kernel debug options |
31 | 33 | - Disable/remove userspace debug tools, devmem disable, etc.. |
32 | 34 |
|
33 | | -We provide methods for U-Boot's SPL loader to securely verify/encrypt the U-Boot proper. This is accomplished by calling into TIFS via TI-SCI |
34 | | -(Texas Instruments System Controller Interface). For more infomation using TI_SCI methods refer to the |
35 | | -`TISCI User Guide <https://software-dl.ti.com/tisci/esd/22_01_02/index.html>`__. U-Boot proper then securely verifies/decrypts the Kernel/DTB/initramfs. |
| 35 | +We offer methods for U-Boot's SPL loader to securely verify the U-Boot proper. U-Boot calls TIFS through TI-SCI (Texas Instruments System Controller Interface) |
| 36 | +to accomplish this. For more information about using TI_SCI methods see the |
| 37 | +`TISCI User Guide <https://software-dl.ti.com/tisci/esd/22_01_02/index.html>`__. U-Boot proper then securely verifies and decrypts the kernel, DTB and initramfs. |
36 | 38 |
|
37 | 39 | .. Image:: /images/K3_KF.png |
38 | 40 | :scale: 70% |
39 | 41 |
|
40 | | -Secure boot has layers. Some layers are trusted more than others. Secure ROM has the highest trust and REE (Run-time Execution |
| 42 | +Secure boot has layers. Some layers are trusted more than others. Secure ROM has the highest trust and REE (Runtime Execution |
41 | 43 | Environment) non-trustzone user-space applications have the least. If any higher trust code is to be loaded by a lower trust entity, it must be verified |
42 | 44 | by an even higher trust entity and not allowed to be accessed by the lower trust entity after that point. Some such trust inversions are listed below: |
43 | 45 |
|
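Review bot: line 35 drops decryption from the SPL step (the removed line said "securely verify/encrypt the U-Boot proper"), while line 37 still says U-Boot proper "verifies and decrypts" the kernel, DTB and initramfs; if SPL also decrypts an encrypted U-Boot proper through TIFS, keep that in the sentence, otherwise state plainly that only authentication happens at that stage so a reader does not assume confidentiality the boot flow does not enforce. Minor: "TI-SCI" (line 35) and "TI_SCI" (line 36) should use one spelling, and REE on lines 42-43 is conventionally expanded as Rich Execution Environment rather than Runtime Execution Environment.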
@@ -69,14 +71,20 @@ The exact location is device dependent. More details can be found in the device |
69 | 71 | * DMSC firmware: `Texas Instruments Foundational Security (TIFS)` + Device/Power Manager: After authentication/decryption, DMSC firmware replaces the Secure ROM as the authenticator entity executing on the DMSC core. |
70 | 72 | * R5 SPL: The R5 SPL bootloader is executed on the R5 core. |
71 | 73 |
|
72 | | -.. ifconfig:: CONFIG_part_variant in ('AM62x') |
| 74 | +.. ifconfig:: CONFIG_part_variant not in ('AM64X') |
73 | 75 |
|
74 | | - - `AM62x TRM <https://www.ti.com/lit/pdf/spruiv7>`_ |
| 76 | + .. ifconfig:: CONFIG_part_variant in ('AM62X') |
75 | 77 |
|
76 | | - The contents of this first stage image are authenticated and decrypted by the Secure ROM. Contents include: |
| 78 | + - `AM62x TRM <https://www.ti.com/lit/pdf/spruiv7>`_ |
| 79 | + |
| 80 | + .. ifconfig:: CONFIG_part_variant in ('AM62PX') |
| 81 | + |
| 82 | + - `AM62P TRM <https://www.ti.com/lit/pdf/spruj83>`_ |
| 83 | + |
| 84 | + The contents of this first stage image are authenticated and decrypted by the Secure ROM. Contents include: |
77 | 85 |
|
78 | | - * `Texas Instruments Foundational Security (TIFS)` firmware: After authentication/decryption, TIFS firmware replaces the Secure ROM as the authenticator entity executing on the TIFS core. |
79 | | - * R5 SPL`: The R5 SPL bootloader is executed on the R5 core. |
| 86 | + * `Texas Instruments Foundational Security (TIFS)` firmware: After authentication/decryption, TIFS firmware replaces the Secure ROM as the authenticator entity executing on the TIFS core. |
| 87 | + * R5 SPL`: The R5 SPL bootloader is executed on the R5 core. |
80 | 88 |
|
81 | 89 | .. rubric:: R5 SPL |
82 | 90 |
|
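Review bot: the new conditions compare against 'AM64X' and 'AM62X' (uppercase X) while the removed line 72 used 'AM62x'; `in` / `not in` on a string are case-sensitive, so confirm the real value of CONFIG_part_variant or both nested blocks will silently render nothing. Also, the "The contents of this first stage image" paragraph and its bullets (lines 84-87) are indented under the outer `not in ('AM64X')` block only, so any variant other than AM62X or AM62PX would get the description with no TRM link above it; consider guarding that text on the same variants as the links. Since line 87 is being re-indented anyway, the stray backtick in "R5 SPL`:" should be removed, as it renders as unmatched inline markup.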
@@ -195,9 +203,9 @@ HS Boot Flow Tools |
195 | 203 |
|
196 | 204 | U-boot: |
197 | 205 |
|
198 | | - The ti-u-boot source is a project used to create tiboot3.bin, tispl.bin, and u-boot.img. To create tiboot3.bin for AM64x family devices, u-boot builds R5 SPL and |
| 206 | + The ti-u-boot source is a project used to create tiboot3.bin, tispl.bin, and u-boot.img. To create tiboot3.bin for K3 family devices, u-boot builds R5 SPL and |
199 | 207 | binman packages it in a `tiboot3.bin` image. To build A53 SPL, binman takes ATF (bl31.bin), OPTEE (bl32.bin), A53 SPL, and A53 DTBs and packages |
200 | | - them in a `tispl.bin` image. The openssl library can then then be used to sign each component as specified in k3-am64x-binman.dtsi. |
| 208 | + them in a `tispl.bin` image. U-Boot can then use the openssl library to sign each component as specified in k3-<soc>-binman.dtsi. |
201 | 209 |
|
202 | 210 | .. code-block:: console |
203 | 211 |
|
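Review bot: line 206 broadens the scope from "AM64x family devices" to "K3 family devices", but the ifconfig branches earlier in this file only distinguish AM62X, AM62PX and AM64X; either limit the wording to the devices this page documents or confirm the tiboot3.bin / tispl.bin packaging described here holds for every K3 part. Style: "u-boot builds" on line 206 and "U-Boot can then" on line 208 should use one capitalization, and `k3-<soc>-binman.dtsi` would be clearer with one concrete instance named (the removed line's k3-am64x-binman.dtsi) so readers know how the placeholder expands.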
@@ -246,7 +254,7 @@ OPTEE: |
246 | 254 | Ti-linux-firmware: |
247 | 255 |
|
248 | 256 | The ti-linux-firmware is a TI repository where all firmware releases are stored. Firmwares for a device family can also be found in the pre-built SDK |
249 | | - under <path-to-tisdk>/board-support/prebuilt-images/am64xx-evm. Binman expects to find the device firmware with the following appended to u-boot build command: |
| 257 | + under <path-to-tisdk>/board-support/prebuilt-images/<evm>. Binman expects to find the device firmware with the following appended to u-boot build command: |
250 | 258 | BINMAN_INDIRS=<path-to-tisdk>/board-support/prebuilt-images, and expects to find a ti-sysfw directory in this path. |
251 | 259 |
|
252 | 260 | .. code-block:: console |
|
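Review bot: `<evm>` on line 257 is a new placeholder with no definition anywhere in the hunk; give one concrete value (the removed line's am64xx-evm) or point to where the board directory names are listed, otherwise the BINMAN_INDIRS path on line 258 cannot be assembled from this text alone. Grammar on line 257: "appended to the u-boot build command"; and "Firmwares" on line 256 reads better as "Firmware images".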