diff options
| author | Simon Glass <sjg@chromium.org> | 2024-06-27 09:29:49 +0100 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2024-06-28 13:54:52 -0600 |
| commit | d780965927d4b176857895b5d64fae85ccd04eb8 (patch) | |
| tree | 861f7c1fa3ac8f1da27b840aeb7407fbc01ba411 /doc/usage | |
| parent | 37323aec519e5a6e677bb24b11ff141f69533da3 (diff) | |
| download | u-boot-d780965927d4b176857895b5d64fae85ccd04eb8.tar.gz u-boot-d780965927d4b176857895b5d64fae85ccd04eb8.tar.bz2 u-boot-d780965927d4b176857895b5d64fae85ccd04eb8.zip | |
Drop the special am335x_boneblack_vboot target
Now that am335x_evm boots OK on the Beaglebone black, drop the latter
and update the docs to cover the change.
Also add a few updates about 'make fit' and drop the note about the
security review, as U-Boot's verified boot has had quite extensive
review now.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Diffstat (limited to 'doc/usage')
| -rw-r--r-- | doc/usage/fit/beaglebone_vboot.rst | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/doc/usage/fit/beaglebone_vboot.rst b/doc/usage/fit/beaglebone_vboot.rst index cd6bb14191..1298ba1ae0 100644 --- a/doc/usage/fit/beaglebone_vboot.rst +++ b/doc/usage/fit/beaglebone_vboot.rst @@ -67,18 +67,20 @@ a. Set up the environment variable to point to your toolchain. You will need export CROSS_COMPILE=arm-linux-gnueabi- -b. Configure and build U-Boot with verified boot enabled:: +b. Configure and build U-Boot with verified boot enabled. Note that we use the +am335x_evm target since it covers all boards based on the AM335x evaluation +board:: export UBOOT=/path/to/u-boot cd $UBOOT # You can add -j10 if you have 10 CPUs to make it faster - make O=b/am335x_boneblack_vboot am335x_boneblack_vboot_config all - export UOUT=$UBOOT/b/am335x_boneblack_vboot + make O=b/am335x_evm am335x_evm_config all + export UOUT=$UBOOT/b/am335x_evm c. You will now have a U-Boot image:: - file b/am335x_boneblack_vboot/u-boot-dtb.img - b/am335x_boneblack_vboot/u-boot-dtb.img: u-boot legacy uImage, + file b/am335x_evm/u-boot-dtb.img + b/am335x_evm/u-boot-dtb.img: u-boot legacy uImage, U-Boot 2014.07-rc2-00065-g2f69f8, Firmware/ARM, Firmware Image (Not compressed), 395375 bytes, Sat May 31 16:19:04 2014, Load Address: 0x80800000, Entry Point: 0x00000000, @@ -466,7 +468,7 @@ the private key that you signed with so that it can verify any kernels that you sign:: cd $UBOOT - make O=b/am335x_boneblack_vboot EXT_DTB=${WORK}/am335x-boneblack-pubkey.dtb + make O=b/am335x_evm EXT_DTB=${WORK}/am335x-boneblack-pubkey.dtb Here we are overriding the normal device tree file with our one, which contains the public key. @@ -597,14 +599,11 @@ Further Improvements Several of the steps here can be easily automated. In particular it would be capital if signing and packaging a kernel were easy, perhaps a simple make -target in the kernel. +target in the kernel. A starting point for this is the 'make image.fit' target +for ARM64 in Linux from v6.9 onwards. Some mention of how to use multiple .dtb files in a FIT might be useful. -U-Boot's verified boot mechanism has not had a robust and independent security -review. Such a review should look at the implementation and its resistance to -attacks. - Perhaps the verified boot feature could be integrated into the Amstrom distribution. |