xref: /openbmc/u-boot/doc/README.ti-secure (revision fd0bc623)
1README on how boot images are created for secure TI devices
2
3CONFIG_TI_SECURE_DEVICE:
4Secure TI devices require a boot image that is authenticated by ROM
5code to function. Without this, even JTAG remains locked and the
6device is essentially useless. In order to create a valid boot image for
7a secure device from TI, the initial public software image must be signed
8and combined with various headers, certificates, and other binary images.
9
10Information on the details on the complete boot image format can be obtained
11from Texas Instruments. The tools used to generate boot images for secure
12devices are part of a secure development package (SECDEV) that can be
13downloaded from:
14
15	http://www.ti.com/mysecuresoftware (login required)
16
17The secure development package is access controlled due to NDA and export
18control restrictions. Access must be requested and granted by TI before the
19package is viewable and downloadable. Contact TI, either online or by way
20of a local TI representative, to request access.
21
22Booting of U-Boot SPL
23=====================
24
25	When CONFIG_TI_SECURE_DEVICE is set, the U-Boot SPL build process
26	requires the presence and use of these tools in order to create a
27	viable boot image. The build process will look for the environment
28	variable TI_SECURE_DEV_PKG, which should be the path of the installed
29	SECDEV package. If the TI_SECURE_DEV_PKG variable is not defined or
30	if it is defined but doesn't point to a valid SECDEV package, a
31	warning is issued during the build to indicate that a final secure
32	bootable image was not created.
33
34	Within the SECDEV package exists an image creation script:
35
36	${TI_SECURE_DEV_PKG}/scripts/create-boot-image.sh
37
38	This is called as part of the SPL/u-boot build process. As the secure
39	boot image formats and requirements differ between secure SOC from TI,
40	the purpose of this script is to abstract these details as much as
41	possible.
42
43	The script is basically the only required interface to the TI SECDEV
44	package for creating a bootable SPL image for secure TI devices.
45
46	Invoking the script for AM33xx Secure Devices
47	=============================================
48
49	create-boot-image.sh \
50		<IMAGE_FLAG> <INPUT_FILE> <OUTPUT_FILE> <SPL_LOAD_ADDR>
51
52	<IMAGE_FLAG> is a value that specifies the type of the image to
53	generate OR the action the image generation tool will take. Valid
54	values are:
55		SPI_X-LOADER - Generates an image for SPI flash (byte swapped)
56		X-LOADER - Generates an image for non-XIP flash
57		MLO - Generates an image for SD/MMC/eMMC media
58		2ND - Generates an image for USB, UART and Ethernet
59		XIP_X-LOADER - Generates a single stage u-boot for NOR/QSPI XiP
60
61	<INPUT_FILE> is the full path and filename of the public world boot
62	loaderbinary file (depending on the boot media, this is usually
63	either u-boot-spl.bin or u-boot.bin).
64
65	<OUTPUT_FILE> is the full path and filename of the final secure
66	image. The output binary images should be used in place of the standard
67	non-secure binary images (see the platform-specific user's guides and
68	releases notes for how the non-secure images are typically used)
69	u-boot-spl_HS_SPI_X-LOADER - byte swapped boot image for SPI flash
70	u-boot-spl_HS_X-LOADER - boot image for NAND or SD/MMC/eMMC rawmode
71	u-boot-spl_HS_MLO - boot image for SD/MMC/eMMC media
72	u-boot-spl_HS_2ND - boot image for USB, UART and Ethernet
73	u-boot_HS_XIP_X-LOADER - boot image for NOR or QSPI Xip flash
74
75	<SPL_LOAD_ADDR> is the address at which SOC ROM should load the
76	<INPUT_FILE>
77
78	Invoking the script for AM43xx Secure Devices
79	=============================================
80
81	create-boot-image.sh \
82		<IMAGE_FLAG> <INPUT_FILE> <OUTPUT_FILE> <SPL_LOAD_ADDR>
83
84	<IMAGE_FLAG> is a value that specifies the type of the image to
85	generate OR the action the image generation tool will take. Valid
86	values are:
87		SPI_X-LOADER - Generates an image for SPI flash (byte
88			swapped)
89		XIP_X-LOADER - Generates a single stage u-boot for
90			NOR/QSPI XiP
91		ISSW - Generates an image for all other boot modes
92
93	<INPUT_FILE> is the full path and filename of the public world boot
94	loaderbinary file (depending on the boot media, this is usually
95	either u-boot-spl.bin or u-boot.bin).
96
97	<OUTPUT_FILE> is the full path and filename of the final secure
98	image. The output binary images should be used in place of the standard
99	non-secure binary images (see the platform-specific user's guides and
100	releases notes for how the non-secure images are typically used)
101	u-boot-spl_HS_SPI_X-LOADER - byte swapped boot image for SPI flash
102	u-boot_HS_XIP_X-LOADER - boot image for NOR or QSPI flash
103	u-boot-spl_HS_ISSW - boot image for all other boot media
104
105	<SPL_LOAD_ADDR> is the address at which SOC ROM should load the
106	<INPUT_FILE>
107
108	Invoking the script for DRA7xx/AM57xx Secure Devices
109	====================================================
110
111	create-boot-image.sh \
112		<IMAGE_TYPE> <INPUT_FILE> <OUTPUT_FILE> <SPL_LOAD_ADDR>
113
114	<IMAGE_TYPE> is a value that specifies the type of the image to
115	generate OR the action the image generation tool will take. Valid
116	values are:
117		X-LOADER - Generates an image for NOR or QSPI boot modes
118		MLO - Generates an image for SD/MMC/eMMC boot modes
119		ULO - Generates an image for USB/UART peripheral boot modes
120
121	<INPUT_FILE> is the full path and filename of the public world boot
122	loader binary file (for this platform, this is always u-boot-spl.bin).
123
124	<OUTPUT_FILE> is the full path and filename of the final secure image.
125	The output binary images should be used in place of the standard
126	non-secure binary images (see the platform-specific user's guides
127	and releases notes for how the non-secure images are typically used)
128	u-boot-spl_HS_MLO - boot image for SD/MMC/eMMC. This image is
129		copied to a file named MLO, which is the name that
130		the device ROM bootloader requires for loading from
131		the FAT partition of an SD card (same as on
132		non-secure devices)
133	u-boot-spl_HS_ULO - boot image for USB/UART peripheral boot modes
134	u-boot-spl_HS_X-LOADER - boot image for all other flash memories
135		including QSPI and NOR flash
136
137	<SPL_LOAD_ADDR> is the address at which SOC ROM should load the
138	<INPUT_FILE>
139
140	Invoking the script for Keystone2 Secure Devices
141	=============================================
142
143	create-boot-image.sh \
144		<UNUSED> <INPUT_FILE> <OUTPUT_FILE> <UNUSED>
145
146	<UNUSED> is currently ignored and reserved for future use.
147
148	<INPUT_FILE> is the full path and filename of the public world boot
149	loader binary file (only u-boot.bin is currently supported on
150	Keystone2 devices, u-boot-spl.bin is not currently supported).
151
152	<OUTPUT_FILE> is the full path and filename of the final secure image.
153	The output binary images should be used in place of the standard
154	non-secure binary images (see the platform-specific user's guides
155	and releases notes for how the non-secure images are typically used)
156	u-boot_HS_MLO - signed and encrypted boot image that can be used to
157		boot from all media. Secure boot from SPI NOR flash is not
158		currently supported.
159
160Booting of Primary U-Boot (u-boot.img)
161======================================
162
163	The SPL image is responsible for loading the next stage boot loader,
164	which is the main u-boot image. For secure TI devices, the SPL will
165	be authenticated, as described above, as part of the particular
166	device's ROM boot process. In order to continue the secure boot
167	process, the authenticated SPL must authenticate the main u-boot
168	image that it loads.
169
170	The configurations for secure TI platforms are written to make the boot
171	process use the FIT image format for the u-boot.img (CONFIG_SPL_FRAMEWORK
172	and CONFIG_SPL_LOAD_FIT). With these configurations the binary
173	components that the SPL loads include a specific DTB image and u-boot
174	image. These DTB image may be one of many available to the boot
175	process. In order to secure these components so that they can be
176	authenticated by the SPL as they are loaded from the FIT image,	the
177	build procedure for secure TI devices will secure these images before
178	they are integrated into the FIT image. When those images are extracted
179	from the FIT image at boot time, they are post-processed to verify that
180	they are still secure. The outlined security-related SPL post-processing
181	is enabled through the CONFIG_SPL_FIT_IMAGE_POST_PROCESS option which
182	must be enabled for the secure boot scheme to work. In order to allow
183	verifying proper operation of the secure boot chain in case of successful
184	authentication messages like "Authentication passed: CERT_U-BOOT-NOD" are
185	output by the SPL to the console for each blob that got extracted from the
186	FIT image. Note that the last part of this log message is the (truncated)
187	name of the signing certificate embedded into the blob that got processed.
188
189	The exact details of the how the images are secured is handled by the
190	SECDEV package. Within the SECDEV package exists a script to process
191	an input binary image:
192
193	${TI_SECURE_DEV_PKG}/scripts/secure-binary-image.sh
194
195	This is called as part of the u-boot build process. As the secure
196	image formats and requirements can differ between the various secure
197	SOCs from TI, this script in the SECDEV package abstracts these
198	details. This script is essentially the only required interface to the
199	TI SECDEV package for creating a u-boot.img image for secure TI
200	devices.
201
202	The SPL/u-boot code contains calls to dedicated secure ROM functions
203	to perform the validation on the secured images. The details of the
204	interface to those functions is shown in the code. The summary
205	is that they are accessed by invoking an ARM secure monitor call to
206	the device's secure ROM (fixed read-only-memory that is secure and
207	only accessible when the ARM core is operating in the secure mode).
208
209	Invoking the secure-binary-image script for Secure Devices
210	==========================================================
211
212	secure-binary-image.sh <INPUT_FILE> <OUTPUT_FILE>
213
214	<INPUT_FILE> is the full path and filename of the input binary image
215
216	<OUTPUT_FILE> is the full path and filename of the output secure image.
217