fix(security): Correct key flow diagram and text around it for AM64X#654
fix(security): Correct key flow diagram and text around it for AM64X#654jsuhaas22 wants to merge 2 commits intoTexasInstruments:masterfrom
Conversation
jsuhaas22
requested review from
StaticRocket,
VeeruPrudhvi,
cshilwant,
gehariprasath,
jeevantelukula,
praneethbajjuri and
uditkumarti
as code owners
|
@jsuhaas22 let's enable the secure boot doc for am62x platforms in general, for am62l we should also highlight the FIT signing part |
jsuhaas22
force-pushed
the
diagram-bootflow
branch
from
0905fa3 to
4c41802
Compare
For AM62x and AM62P, I have added changes to include the doc. AM62L will require more work, so I will send a separate PR for that in a day or two. |
@jsuhaas22 sure, please address the relevant comments by the bot, looks fine otherwise. |
jsuhaas22
force-pushed
the
diagram-bootflow
branch
from
4c41802 to
5ae0b72
Compare
@shiva-ti Done. There are still some warnings left but those are invalid. |
jsuhaas22
force-pushed
the
diagram-bootflow
branch
from
5ae0b72 to
ab2bac8
Compare
github-actions
bot
assigned
devarsht,
gehariprasath,
praneethbajjuri,
r-vignesh and
uditkumarti
| Kernel/DTB/initfamfs. This is accomplished by calling into TIFS via TI-SCI (Texas Instruments System controller Interface). This allows us to use | ||
| the same signing/encrypting tools used to authenticate the first-stage image. For more infomation using TI_SCI methods refer to the | ||
| `TISCI User Guide <https://software-dl.ti.com/tisci/esd/22_01_02/index.html>`__. | ||
| We offer methods for U-Boot's SPL loader to securely verify and encrypt the U-Boot proper. U-Boot calls TIFS through TI-SCI (Texas Instruments System Controller Interface) |
There was a problem hiding this comment.
@jsuhaas22 It should be "verify and decrypt the U-Boot proper".
Btw, we don't support the encrypted boot atleast for the U-Boot in the PSDK so it should only be "verify the U-Boot proper".
There was a problem hiding this comment.
The fitImage box shows "u-boot-dtb*.dtb". Is it correct? It should be Kernel DTBs, right?
The key-flow diagram and the information around it in AM64X's Secure Boot page state that U-Boot uses TI-SCI to authenticate the kernel image. This is no longer the case: U-Boot verifies the kernel image using the fitImage key contained in it without invoking TIFS. Therefore change the docs to reflect this. Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
jsuhaas22
force-pushed
the
diagram-bootflow
branch
from
ab2bac8 to
89adb86
Compare
|
@p-shivhare-ti Addressed your comments. |
StaticRocket
left a comment
StaticRocket
left a comment
There was a problem hiding this comment.
Acronyms should follow their definitions, not the other way around. File roles should be prioritized when they can be.
| Secure boot has layers. Some layers are trusted more than others. Secure ROM has the highest trust and REE (Runtime Execution | ||
| Environment) non-trustzone user-space applications have the least. If any higher trust code is to be loaded by a lower trust entity, it must be verified |
There was a problem hiding this comment.
| Secure boot has layers. Some layers are trusted more than others. Secure ROM has the highest trust and REE (Runtime Execution | |
| Environment) non-trustzone user-space applications have the least. If any higher trust code is to be loaded by a lower trust entity, it must be verified | |
| Secure boot has layers. Some layers are trusted more than others. Secure ROM has the highest trust and Runtime Execution | |
| Environment (REE) non-trustzone user-space applications have the least. If any higher trust code is to be loaded by a lower trust entity, it must be verified |
| Kernel/DTB/initfamfs. This is accomplished by calling into TIFS via TI-SCI (Texas Instruments System controller Interface). This allows us to use | ||
| the same signing/encrypting tools used to authenticate the first-stage image. For more infomation using TI_SCI methods refer to the | ||
| `TISCI User Guide <https://software-dl.ti.com/tisci/esd/22_01_02/index.html>`__. | ||
| We offer methods for U-Boot's SPL loader to securely verify the U-Boot proper. U-Boot calls TIFS through TI-SCI (Texas Instruments System Controller Interface) |
There was a problem hiding this comment.
| We offer methods for U-Boot's SPL loader to securely verify the U-Boot proper. U-Boot calls TIFS through TI-SCI (Texas Instruments System Controller Interface) | |
| We offer methods for U-Boot's SPL loader to securely verify the U-Boot proper. U-Boot calls TIFS through Texas Instruments System Controller Interface (TI-SCI) |
|
|
||
| The ti-linux-firmware is a TI repository where all firmware releases are stored. Firmwares for a device family can also be found in the pre-built SDK | ||
| under <path-to-tisdk>/board-support/prebuilt-images/am64xx-evm. Binman expects to find the device firmware with the following appended to u-boot build command: | ||
| under <path-to-tisdk>/board-support/prebuilt-images/<evm>. Binman expects to find the device firmware with the following appended to u-boot build command: |
There was a problem hiding this comment.
| under <path-to-tisdk>/board-support/prebuilt-images/<evm>. Binman expects to find the device firmware with the following appended to u-boot build command: | |
| under :file:`<path-to-tisdk>/board-support/prebuilt-images/<evm>`. Binman expects to find the device firmware with the following appended to u-boot build command: |
jsuhaas22
force-pushed
the
diagram-bootflow
branch
3 times, most recently
from
b683f64 to
526f6c6
Compare
|
Addressed your comments, @StaticRocket |
|
It seems like a common change @jsuhaas22 , I think it can be put for the j7 devices as well. Thanks for catching and correcting it. LGTM |
| - `AM62x TRM <https://www.ti.com/lit/pdf/spruiv7>`_ | ||
| .. ifconfig:: CONFIG_part_variant in ('AM62X') | ||
|
|
||
| The contents of this first stage image are authenticated and decrypted by the Secure ROM. Contents include: |
There was a problem hiding this comment.
why are we putting TRM links here btw..? I think this can remain in some common location right and not related to security..
There was a problem hiding this comment.
Maybe change this to introduction? I already see an authenticated boot guide added for sitara platforms.. maybe better to avoid confusion using same terms
jsuhaas22
force-pushed
the
diagram-bootflow
branch
from
526f6c6 to
50799fa
Compare
| We offer methods for U-Boot's Secondary Program Loader (SPL) to securely verify the U-Boot | ||
| proper. U-Boot calls Texas Instrument Foundational Security (TIFS) through Texas Instruments System Controller Interface (TISCI) | ||
| to do this. For more information about using TISCI methods see the | ||
| `TISCI User Guide <https://software-dl.ti.com/tisci/esd/22_01_02/index.html>`__. U-Boot proper then securely verifies and decrypts the kernel, Device Tree Blobs (DTB), and initramfs. |
There was a problem hiding this comment.
@jsuhaas22 The TISCI links should always use the latest version.
https://software-dl.ti.com/tisci/esd/latest/index.html
jsuhaas22
force-pushed
the
diagram-bootflow
branch
from
50799fa to
90239a1
Compare
|
Updated the PR with your changes. Manorit -- I have added the doc to all devices. |
|
|
||
| linux/Documentation_Tarball | ||
|
|
||
| linux/Demo_User_Guides/Chromium_Browser No newline at end of file |
|
|
||
| .. rubric:: U-Boot | ||
|
|
||
| The boot flow continues as it does on a non-secure device, until loading the next FIT image named `fitImage`. This FIT image includes the Linux kernel, DTB, and |
There was a problem hiding this comment.
ig maybe an explicit mention of this being done by U-boot and pointing to respective guide to set it up correctly would be good for this. Rest everything is TIFS based ig..
jsuhaas22
force-pushed
the
diagram-bootflow
branch
from
90239a1 to
27ff2f6
Compare
Currently, the secure boot section is tailored for AM64x. But the same information is applicable to non-AM64x SoCs. Therefore generalize the page and add it these other devices' TOCs. In addition, fix the language in the file to simplify it by changing a few passive voice statements into active voice, using easier words etc. Also fix headings and remove TRM links. Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
jsuhaas22
force-pushed
the
diagram-bootflow
branch
from
27ff2f6 to
28a23dd
Compare
11 participants
The key-flow diagram and the information around it in AM64X's Secure Boot page state that U-Boot uses TI-SCI to authenticate the kernel image. This is no longer the case: U-Boot verifies the kernel image using the fitImage key contained in it without invoking TIFS. Therefore change the docs to reflect this.
New diagram:
