summaryrefslogtreecommitdiff
path: root/doc/README.esbc_validate
diff options
context:
space:
mode:
Diffstat (limited to 'doc/README.esbc_validate')
-rw-r--r--doc/README.esbc_validate41
1 files changed, 41 insertions, 0 deletions
diff --git a/doc/README.esbc_validate b/doc/README.esbc_validate
new file mode 100644
index 0000000..941b607
--- /dev/null
+++ b/doc/README.esbc_validate
@@ -0,0 +1,41 @@
+/*
+ * (C) Copyright 2015
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+esbc_validate command
+========================================
+
+1. esbc_validate command is meant for validating header and
+ signature of images (Boot Script and ESBC uboot client).
+ SHA-256 and RSA operations are performed using SEC block in HW.
+ This command works on both PBL based and Non PBL based Freescale
+ platforms.
+ Command usage:
+ esbc_validate img_hdr_addr [pub_key_hash]
+ esbc_validate hdr_addr <hash_val>
+ Validates signature using RSA verification.
+ $hdr_addr Address of header of the image to be validated.
+ $hash_val -Optional. It provides Hash of public/srk key to be
+ used to verify signature.
+
+2. ESBC uboot client can be linux. Additionally, rootfs and device
+ tree blob can also be signed.
+3. In the event of header or signature failure in validation,
+ ITS and ITF bits determine further course of action.
+4. In case of soft failure, appropriate error is dumped on console.
+5. In case of hard failure, SoC is issued RESET REQUEST after
+ dumping error on the console.
+6. KEY REVOCATION Feature:
+ QorIQ platforms like B4/T4 have support of srk key table and key
+ revocation in ISBC code in Silicon.
+ The srk key table allows the user to have a key table with multiple
+ keys and revoke any key in case of particular key gets compromised.
+ In case the ISBC code uses the key revocation and srk key table to
+ verify the u-boot code, the subsequent chain of trust should also
+ use the same.
+6. ISBC KEY EXTENSION Feature:
+ This feature allows large number of keys to be used for esbc validation
+ of images. A set of public keys is being signed and validated by ISBC
+ which can be further used for esbc validation of images.