1README on how boot images are created for secure TI devices 2 3CONFIG_TI_SECURE_DEVICE: 4Secure TI devices require a boot image that is authenticated by ROM 5code to function. Without this, even JTAG remains locked and the 6device is essentially useless. In order to create a valid boot image for 7a secure device from TI, the initial public software image must be signed 8and combined with various headers, certificates, and other binary images. 9 10Information on the details on the complete boot image format can be obtained 11from Texas Instruments. The tools used to generate boot images for secure 12devices are part of a secure development package (SECDEV) that can be 13downloaded from: 14 15 http://www.ti.com/mysecuresoftware (login required) 16 17The secure development package is access controlled due to NDA and export 18control restrictions. Access must be requested and granted by TI before the 19package is viewable and downloadable. Contact TI, either online or by way 20of a local TI representative, to request access. 21 22Booting of U-Boot SPL 23===================== 24 25 When CONFIG_TI_SECURE_DEVICE is set, the U-Boot SPL build process 26 requires the presence and use of these tools in order to create a 27 viable boot image. The build process will look for the environment 28 variable TI_SECURE_DEV_PKG, which should be the path of the installed 29 SECDEV package. If the TI_SECURE_DEV_PKG variable is not defined or 30 if it is defined but doesn't point to a valid SECDEV package, a 31 warning is issued during the build to indicate that a final secure 32 bootable image was not created. 33 34 Within the SECDEV package exists an image creation script: 35 36 ${TI_SECURE_DEV_PKG}/scripts/create-boot-image.sh 37 38 This is called as part of the SPL/u-boot build process. As the secure 39 boot image formats and requirements differ between secure SOC from TI, 40 the purpose of this script is to abstract these details as much as 41 possible. 42 43 The script is basically the only required interface to the TI SECDEV 44 package for creating a bootable SPL image for secure TI devices. 45 46 Invoking the script for AM33xx Secure Devices 47 ============================================= 48 49 create-boot-image.sh \ 50 <IMAGE_FLAG> <INPUT_FILE> <OUTPUT_FILE> <SPL_LOAD_ADDR> 51 52 <IMAGE_FLAG> is a value that specifies the type of the image to 53 generate OR the action the image generation tool will take. Valid 54 values are: 55 SPI_X-LOADER - Generates an image for SPI flash (byte swapped) 56 X-LOADER - Generates an image for non-XIP flash 57 MLO - Generates an image for SD/MMC/eMMC media 58 2ND - Generates an image for USB, UART and Ethernet 59 XIP_X-LOADER - Generates a single stage u-boot for NOR/QSPI XiP 60 61 <INPUT_FILE> is the full path and filename of the public world boot 62 loaderbinary file (depending on the boot media, this is usually 63 either u-boot-spl.bin or u-boot.bin). 64 65 <OUTPUT_FILE> is the full path and filename of the final secure 66 image. The output binary images should be used in place of the standard 67 non-secure binary images (see the platform-specific user's guides and 68 releases notes for how the non-secure images are typically used) 69 u-boot-spl_HS_SPI_X-LOADER - byte swapped boot image for SPI flash 70 u-boot-spl_HS_X-LOADER - boot image for NAND or SD/MMC/eMMC rawmode 71 u-boot-spl_HS_MLO - boot image for SD/MMC/eMMC media 72 u-boot-spl_HS_2ND - boot image for USB, UART and Ethernet 73 u-boot_HS_XIP_X-LOADER - boot image for NOR or QSPI Xip flash 74 75 <SPL_LOAD_ADDR> is the address at which SOC ROM should load the 76 <INPUT_FILE> 77 78 Invoking the script for AM43xx Secure Devices 79 ============================================= 80 81 create-boot-image.sh \ 82 <IMAGE_FLAG> <INPUT_FILE> <OUTPUT_FILE> <SPL_LOAD_ADDR> 83 84 <IMAGE_FLAG> is a value that specifies the type of the image to 85 generate OR the action the image generation tool will take. Valid 86 values are: 87 SPI_X-LOADER - Generates an image for SPI flash (byte 88 swapped) 89 XIP_X-LOADER - Generates a single stage u-boot for 90 NOR/QSPI XiP 91 ISSW - Generates an image for all other boot modes 92 93 <INPUT_FILE> is the full path and filename of the public world boot 94 loaderbinary file (depending on the boot media, this is usually 95 either u-boot-spl.bin or u-boot.bin). 96 97 <OUTPUT_FILE> is the full path and filename of the final secure 98 image. The output binary images should be used in place of the standard 99 non-secure binary images (see the platform-specific user's guides and 100 releases notes for how the non-secure images are typically used) 101 u-boot-spl_HS_SPI_X-LOADER - byte swapped boot image for SPI flash 102 u-boot_HS_XIP_X-LOADER - boot image for NOR or QSPI flash 103 u-boot-spl_HS_ISSW - boot image for all other boot media 104 105 <SPL_LOAD_ADDR> is the address at which SOC ROM should load the 106 <INPUT_FILE> 107 108 Invoking the script for DRA7xx/AM57xx Secure Devices 109 ==================================================== 110 111 create-boot-image.sh <IMAGE_TYPE> <INPUT_FILE> <OUTPUT_FILE> 112 113 <IMAGE_TYPE> is a value that specifies the type of the image to 114 generate OR the action the image generation tool will take. Valid 115 values are: 116 X-LOADER - Generates an image for NOR or QSPI boot modes 117 MLO - Generates an image for SD/MMC/eMMC boot modes 118 ULO - Generates an image for USB/UART peripheral boot modes 119 Note: ULO is not yet used by the u-boot build process 120 121 <INPUT_FILE> is the full path and filename of the public world boot 122 loader binary file (for this platform, this is always u-boot-spl.bin). 123 124 <OUTPUT_FILE> is the full path and filename of the final secure image. 125 The output binary images should be used in place of the standard 126 non-secure binary images (see the platform-specific user's guides 127 and releases notes for how the non-secure images are typically used) 128 u-boot-spl_HS_MLO - boot image for SD/MMC/eMMC. This image is 129 copied to a file named MLO, which is the name that 130 the device ROM bootloader requires for loading from 131 the FAT partition of an SD card (same as on 132 non-secure devices) 133 u-boot-spl_HS_X-LOADER - boot image for all other flash memories 134 including QSPI and NOR flash 135 136Booting of Primary U-Boot (u-boot.img) 137====================================== 138 139 The SPL image is responsible for loading the next stage boot loader, 140 which is the main u-boot image. For secure TI devices, the SPL will 141 be authenticated, as described above, as part of the particular 142 device's ROM boot process. In order to continue the secure boot 143 process, the authenticated SPL must authenticate the main u-boot 144 image that it loads. 145 146 The configurations for secure TI platforms are written to make the boot 147 process use the FIT image format for the u-boot.img (CONFIG_SPL_FRAMEWORK 148 and CONFIG_SPL_LOAD_FIT). With these configurations the binary 149 components that the SPL loads include a specific DTB image and u-boot 150 image. These DTB image may be one of many available to the boot 151 process. In order to secure these components so that they can be 152 authenticated by the SPL as they are loaded from the FIT image, the 153 build procedure for secure TI devices will secure these images before 154 they are integrated into the FIT image. When those images are extracted 155 from the FIT image at boot time, they are post-processed to verify that 156 they are still secure. The outlined security-related SPL post-processing 157 is enabled through the CONFIG_SPL_FIT_IMAGE_POST_PROCESS option which 158 must be enabled for the secure boot scheme to work. In order to allow 159 verifying proper operation of the secure boot chain in case of successful 160 authentication messages like "Authentication passed: CERT_U-BOOT-NOD" are 161 output by the SPL to the console for each blob that got extracted from the 162 FIT image. Note that the last part of this log message is the (truncated) 163 name of the signing certificate embedded into the blob that got processed. 164 165 The exact details of the how the images are secured is handled by the 166 SECDEV package. Within the SECDEV package exists a script to process 167 an input binary image: 168 169 ${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh 170 171 This is called as part of the u-boot build process. As the secure 172 image formats and requirements can differ between the various secure 173 SOCs from TI, this script in the SECDEV package abstracts these 174 details. This script is essentially the only required interface to the 175 TI SECDEV package for creating a u-boot.img image for secure TI 176 devices. 177 178 The SPL/u-boot code contains calls to dedicated secure ROM functions 179 to perform the validation on the secured images. The details of the 180 interface to those functions is shown in the code. The summary 181 is that they are accessed by invoking an ARM secure monitor call to 182 the device's secure ROM (fixed read-only-memory that is secure and 183 only accessible when the ARM core is operating in the secure mode). 184 185 Invoking the secure-binary-image script for Secure Devices 186 ========================================================== 187 188 secure-binary-image.sh <INPUT_FILE> <OUTPUT_FILE> 189 190 <INPUT_FILE> is the full path and filename of the input binary image 191 192 <OUTPUT_FILE> is the full path and filename of the output secure image. 193