[PATCH 0/1] bootm: Allow loading OP-TEE from FIT image

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This allows loading OP-TEE binaries from FIT images. The main benefit
from this approach comes from the fact that FIT images can be signed
and therefore it can be ensured that the TEE binary is not malicious.

A shortened .its file to make use of this patch might look like this: 

images {
...
tee@1 {
	description = "OP-TEE trusted OS";
	data = /incbin/("...");
	type = "tee";
	arch = "arm";
	compression = "none";
	hash@1 {
		algo = "sha256";
	};
	};
};

configurations {
default = "config-1";
config-1 {
	description = "...";
	kernel = "kernel@1";
	fdt = "fdt@1;
	tee = "tee@1";

	signature-1 {
				algo = "sha256,rsa4096";
				key-name-hint = "FIT-4096";
				sign-images = "kernel", "fdt", "tee";
			};
}

Best regards,
Albert

Albert Schwarzkopf (1):
  bootm: Allow loading OP-TEE from FIT image

 arch/arm/lib32/bootm.c | 44 +++++++++++++++++++++++++++++++++++++-----
 1 file changed, 39 insertions(+), 5 deletions(-)

-- 
2.17.1


_______________________________________________
barebox mailing list
barebox@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/barebox



[Index of Archives]     [Linux Embedded]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux