Commits
Madan Srinivas committed 266b5c0cdbd
arm: am33xx: security: adds auth support for encrypted images This patch adds support for authentication of both plain text and encrypted binaries. A new SECDEV package is needed to enable encryption of binaries by default for AM3x. The ROM authentication API detects encrypted images at runtime and automatically decrypts the image if the signature verification passes. Addition of encryption on AM3x results in a change in the image format. On AM4x, AM5x and, on AM3x devices signing clear test images, the signature is appended to the end of the binary. On AM3x, when the SECDEV package is used to create signed and encrypted images, the signature is added as a header to the start of the binary. So the binary size calculation has been updated to reflect this change. The signing tools and encrypted image format for AM3x cannot be changed to behave like AM4x and AM5x to maintain backward compatibility with older Sitara M-Shield releases. Adding encryption support also increases the size of the PPA. As the SPL is loaded right after the PPA for any peripheral boot, this increase in PPA size results in the SPL load address moving by 0x200 bytes (for UART boot). Memory boot modes like MMC are not affected, as the ROM loads the PPA and SPL in two separate steps. Acked-by: Andrew F. Davis <afd@ti.com> Signed-off-by: Madan Srinivas <madans@ti.com>