docs: k3: Add secure booting documentation
This commit adds a general flow to explain the usage of firewalls and the chain of trust in K3 devices.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
parent 761fac39a8
commit f8baffc68c
@ -103,6 +103,51 @@ firmware can be loaded on the now free core in the wakeup domain.
For more information on the bootup process of your SoC, consult the
device specific boot flow documentation.

Secure Boot
^^^^^^^^^^^

K3 HS-SE devices are used for authenticated boot flow with secure boot.
HS-FS devices have optional authentication in the flow and doesn't "require"
authentication unless converted to HS-SE devices.

Chain of trust
""""""""""""""

1) SMS starts up and loads the authenticated ROM code in Wakeup Domain
2) ROM code starts up and loads the authenticated tiboot3.bin in Wakeup
Domain
3) Wakeup SPL (tiboot3.bin) would authenticate the next set of binaries
(ATF,OP-TEE,DM,SPL,etc.)
4) After ATF and OP-TEE load, ARMV8 U-boot authenticates the next set of
binaries (Linux and DTBs) if using FIT Image authentication and having a
signature node in U-boot.

Steps 1-3 are all authenticated by either the ROM code or TIFS as the
authenticating entity and step 4 uses U-boot standard mechanism for
authenticating.

All the authentication that are done for ROM/TIFS are done through x509
certificates that are signed.

Firewalls
"""""""""

1) ROM comes up and sets up firewalls that are needed by itself
2) TIFS (in multicertificate will setup it's own firewalls)
3) R5 SPL comes along and opens up other firewalls ( that are not owned by
anyone - essentially firewalls that were setup by ROM but are not needed
anymore)
4) Each stage beyond this: such as tispl.bin containing TFA/OPTEE uses OIDs to
set up firewalls to protect themselves (enforced by TIFS)
5) TFA/OP-TEE can configure other firewalls at runtime if required as they
are already authenticated and firewalled off from illegal access.
6) A53 SPL and U-boot itself startups but has no ability to change the
protection firewalls enforced by x509 OIDs or any other firewalls
configured by ROM/TIFS in the beginning.

Futhur, firewalls have a lockdown bit in hardware that enforces the setting
(and cannot be over-ridden) till the full system is resetted.

Software Sources
----------------
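Review bot: step 4 of the "Chain of trust" list leaves the important consequence implicit and should state it outright: if FIT image authentication is not enabled and U-Boot carries no signature node, the authenticated chain ends at step 3 and Linux and the DTBs are loaded without being verified by the boot chain, which is the one thing a reader of a secure-boot section needs to know. Several wording problems in the same hunk also need fixing before this merges: "HS-FS devices ... doesn't "require"" should read "do not require"; "TIFS (in multicertificate will setup it's own firewalls)" has a misplaced parenthesis and "it's" for "its" and should read "TIFS (in the multicertificate case) sets up its own firewalls"; step 3 of the "Firewalls" list, "opens up other firewalls", is ambiguous and, going by its own parenthetical, means "disables the firewalls that ROM set up for itself and that no later stage owns"; "startups" should be "start up"; and the closing paragraph should read "Further, firewalls have a lockdown bit in hardware that enforces the setting (and cannot be overridden) until the full system is reset." Finally, "U-boot" and "ARMV8 U-boot" should use the project's own spelling, "U-Boot", consistently with the surrounding documentation.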