Commit da6c3c6

fix(security): Correct key flow diagram and text around it for AM64X
The key-flow diagram and the information around it in AM64X's Secure Boot page state that U-Boot uses TI-SCI to authenticate the kernel image. This is no longer the case: U-Boot verifies the kernel image using the fitImage key contained in it without invoking TIFS. Therefore change the docs to reflect this.

Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
1 parent 2ff5b4d commit da6c3c6

3 files changed

Lines changed: 5 additions & 6 deletions

source/images/K3_KF.JPG

-107 KB
Binary file not shown.

source/images/K3_KF.png

78.4 KB

source/linux/Foundational_Components_Secure_Boot.rst

Lines changed: 5 additions & 6 deletions
@@ -30,15 +30,14 @@ The following is an example list where Chain-of-Trust should be maintained.
3030
- Disable kernel debug options
3131
- Disable/remove userspace debug tools, devmem disable, etc..
3232

33-
We provide methods for U-Boot's SPL loader to securely verify/decrypt the U-Boot proper, and this U-Boot proper to securely verify/decrypt the
34-
Kernel/DTB/initfamfs. This is accomplished by calling into TIFS via TI-SCI (Texas Instruments System controller Interface). This allows us to use
35-
the same signing/encrypting tools used to authenticate the first-stage image. For more infomation using TI_SCI methods refer to the
36-
`TISCI User Guide <https://software-dl.ti.com/tisci/esd/22_01_02/index.html>`__.
33+
We provide methods for U-Boot's SPL loader to securely verify/encrypt the U-Boot proper. This is accomplished by calling into TIFS via TI-SCI
34+
(Texas Instruments System Controller Interface). For more infomation using TI_SCI methods refer to the
35+
`TISCI User Guide <https://software-dl.ti.com/tisci/esd/22_01_02/index.html>`__. U-Boot proper then securely verifies/decrypts the Kernel/DTB/initramfs.
3736

38-
.. Image:: /images/K3_KF.JPG
37+
.. Image:: /images/K3_KF.png
3938
:scale: 70%
4039

41-
Secure boot is like an onion, it has layers. Some layers are trusted more than others. Secure ROM has the highest trust and REE (Run-time Execution
40+
Secure boot has layers. Some layers are trusted more than others. Secure ROM has the highest trust and REE (Run-time Execution
4241
Environment) non-trustzone user-space applications have the least. If any higher trust code is to be loaded by a lower trust entity, it must be verified
4342
by an even higher trust entity and not allowed to be accessed by the lower trust entity after that point. Some such trust inversions are listed below:
4443
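
Review bot: In the first added line, "securely verify/encrypt the U-Boot proper" should read "verify/decrypt": the removed text said decrypt, a loader decrypts the next stage rather than encrypting it, and the last added sentence already uses "verifies/decrypts". While these lines are being touched, fix "infomation" and settle on one of "TI-SCI" and "TI_SCI". The commit message says U-Boot now checks the kernel image with the fitImage key and does not invoke TIFS, but the new closing sentence only says U-Boot proper "securely verifies/decrypts the Kernel/DTB/initramfs"; state that mechanism in the text, and consider placing that sentence before the TISCI User Guide reference so the link is not read as covering the kernel stage.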
