Tom Rini | 83d290c | 2018-05-06 17:58:06 -0400 | [diff] [blame] | 1 | SPDX-License-Identifier: GPL-2.0+ |
gaurav rana | 47151e4 | 2015-02-27 09:45:35 +0530 | [diff] [blame] | 2 | /* |
| 3 | * (C) Copyright 2015 |
gaurav rana | 47151e4 | 2015-02-27 09:45:35 +0530 | [diff] [blame] | 4 | */ |
| 5 | |
| 6 | esbc_validate command |
| 7 | ======================================== |
| 8 | |
| 9 | 1. esbc_validate command is meant for validating header and |
| 10 | signature of images (Boot Script and ESBC uboot client). |
| 11 | SHA-256 and RSA operations are performed using SEC block in HW. |
| 12 | This command works on both PBL based and Non PBL based Freescale |
| 13 | platforms. |
| 14 | Command usage: |
| 15 | esbc_validate img_hdr_addr [pub_key_hash] |
| 16 | esbc_validate hdr_addr <hash_val> |
| 17 | Validates signature using RSA verification. |
| 18 | $hdr_addr Address of header of the image to be validated. |
| 19 | $hash_val -Optional. It provides Hash of public/srk key to be |
| 20 | used to verify signature. |
| 21 | |
| 22 | 2. ESBC uboot client can be linux. Additionally, rootfs and device |
| 23 | tree blob can also be signed. |
| 24 | 3. In the event of header or signature failure in validation, |
| 25 | ITS and ITF bits determine further course of action. |
| 26 | 4. In case of soft failure, appropriate error is dumped on console. |
| 27 | 5. In case of hard failure, SoC is issued RESET REQUEST after |
| 28 | dumping error on the console. |
| 29 | 6. KEY REVOCATION Feature: |
| 30 | QorIQ platforms like B4/T4 have support of srk key table and key |
| 31 | revocation in ISBC code in Silicon. |
| 32 | The srk key table allows the user to have a key table with multiple |
| 33 | keys and revoke any key in case of particular key gets compromised. |
| 34 | In case the ISBC code uses the key revocation and srk key table to |
| 35 | verify the u-boot code, the subsequent chain of trust should also |
| 36 | use the same. |
| 37 | 6. ISBC KEY EXTENSION Feature: |
| 38 | This feature allows large number of keys to be used for esbc validation |
| 39 | of images. A set of public keys is being signed and validated by ISBC |
| 40 | which can be further used for esbc validation of images. |