Skip to content

fix(security): Correct key flow diagram and text around it for AM64X#654

Open
jsuhaas22 wants to merge 2 commits intoTexasInstruments:masterfrom
jsuhaas22:diagram-bootflow
Open

fix(security): Correct key flow diagram and text around it for AM64X#654
jsuhaas22 wants to merge 2 commits intoTexasInstruments:masterfrom
jsuhaas22:diagram-bootflow

Conversation

@jsuhaas22
Copy link
Copy Markdown
Collaborator

@jsuhaas22 jsuhaas22 commented Apr 8, 2026

The key-flow diagram and the information around it in AM64X's Secure Boot page state that U-Boot uses TI-SCI to authenticate the kernel image. This is no longer the case: U-Boot verifies the kernel image using the fitImage key contained in it without invoking TIFS. Therefore change the docs to reflect this.

New diagram:
K3_KF

@shiva-ti
Copy link
Copy Markdown
Collaborator

shiva-ti commented Apr 10, 2026

@jsuhaas22 let's enable the secure boot doc for am62x platforms in general, for am62l we should also highlight the FIT signing part

cshilwant
cshilwant requested changes Apr 11, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@cshilwant cshilwant left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#654 (comment)

@jsuhaas22
Copy link
Copy Markdown
Collaborator Author

jsuhaas22 commented Apr 13, 2026

@shiva-ti

@jsuhaas22 let's enable the secure boot doc for am62x platforms in general, for am62l we should also highlight the FIT signing part

For AM62x and AM62P, I have added changes to include the doc. AM62L will require more work, so I will send a separate PR for that in a day or two.

shiva-ti
shiva-ti reviewed Apr 13, 2026
View reviewed changes
Comment thread source/linux/Foundational_Components_Secure_Boot.rst Outdated
@shiva-ti
Copy link
Copy Markdown
Collaborator

shiva-ti commented Apr 13, 2026

@shiva-ti

@jsuhaas22 let's enable the secure boot doc for am62x platforms in general, for am62l we should also highlight the FIT signing part

For AM62x and AM62P, I have added changes to include the doc. AM62L will require more work, so I will send a separate PR for that in a day or two.

@jsuhaas22 sure, please address the relevant comments by the bot, looks fine otherwise.

@jsuhaas22
Copy link
Copy Markdown
Collaborator Author

jsuhaas22 commented Apr 14, 2026

@shiva-ti

@jsuhaas22 let's enable the secure boot doc for am62x platforms in general, for am62l we should also highlight the FIT signing part

For AM62x and AM62P, I have added changes to include the doc. AM62L will require more work, so I will send a separate PR for that in a day or two.

@jsuhaas22 sure, please address the relevant comments by the bot, looks fine otherwise.

@shiva-ti Done. There are still some warnings left but those are invalid.

@github-actions github-actions bot requested review from devarsht and r-vignesh April 14, 2026 06:25
shiva-ti
shiva-ti previously approved these changes Apr 14, 2026
View reviewed changes
p-shivhare-ti
p-shivhare-ti reviewed Apr 14, 2026
View reviewed changes
Comment thread source/linux/Foundational_Components_Secure_Boot.rst Outdated
p-shivhare-ti
p-shivhare-ti reviewed Apr 14, 2026
View reviewed changes
Comment thread source/images/K3_KF.png
@jsuhaas22
fix(security): Correct key flow diagram and text around it for AM64X
da6c3c6 
The key-flow diagram and the information around it in AM64X's Secure Boot page
state that U-Boot uses TI-SCI to authenticate the kernel image. This is no
longer the case: U-Boot verifies the kernel image using the fitImage key
contained in it without invoking TIFS. Therefore change the docs to reflect
this.

Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
@jsuhaas22
Copy link
Copy Markdown
Collaborator Author

jsuhaas22 commented Apr 14, 2026

@p-shivhare-ti Addressed your comments.

StaticRocket
StaticRocket requested changes Apr 14, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@StaticRocket StaticRocket left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Acronyms should follow their definitions, not the other way around. File roles should be prioritized when they can be.

Comment thread source/linux/Foundational_Components_Secure_Boot.rst Outdated
Comment thread source/linux/Foundational_Components_Secure_Boot.rst Outdated
Comment thread source/linux/Foundational_Components_Secure_Boot.rst Outdated
@jsuhaas22 jsuhaas22 force-pushed the diagram-bootflow branch 3 times, most recently from b683f64 to 526f6c6 Compare April 15, 2026 02:01
@jsuhaas22
Copy link
Copy Markdown
Collaborator Author

jsuhaas22 commented Apr 15, 2026

Addressed your comments, @StaticRocket

@manorit2001
Copy link
Copy Markdown
Contributor

manorit2001 commented Apr 15, 2026

It seems like a common change @jsuhaas22 , I think it can be put for the j7 devices as well. Thanks for catching and correcting it. LGTM

manorit2001
manorit2001 reviewed Apr 15, 2026
View reviewed changes
Comment thread source/linux/Foundational_Components_Secure_Boot.rst
Comment thread source/linux/Foundational_Components_Secure_Boot.rst Outdated
p-shivhare-ti
p-shivhare-ti reviewed Apr 15, 2026
View reviewed changes
Comment thread source/linux/Foundational_Components_Secure_Boot.rst Outdated
@jsuhaas22
Copy link
Copy Markdown
Collaborator Author

jsuhaas22 commented Apr 15, 2026

@manorit2001 @p-shivhare-ti

Updated the PR with your changes. Manorit -- I have added the doc to all devices.

manorit2001
manorit2001 approved these changes Apr 15, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@manorit2001 manorit2001 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rest LGTM

Comment thread configs/J721S2/J721S2_linux_toc.txt
Comment thread source/linux/Foundational_Components_Secure_Boot.rst
@jsuhaas22 jsuhaas22 force-pushed the diagram-bootflow branch 3 times, most recently from 28a23dd to d7523a4 Compare April 15, 2026 13:39
@jsuhaas22
feat(security): Generalize boot flow page for non-AM64x SoCs
6474e81 
Currently, the secure boot section is tailored for AM64x. But the same
information is applicable to non-AM64x SoCs. Therefore generalize the page and
add it these other devices' TOCs.

In addition, fix the language in the file to simplify it by changing a few
passive voice statements into active voice, using easier words etc. Also fix
headings and remove TRM links.

Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
@jsuhaas22
Copy link
Copy Markdown
Collaborator Author

jsuhaas22 commented Apr 15, 2026

Done @manorit2001

@jsuhaas22 jsuhaas22 requested a review from manorit2001 April 15, 2026 15:02
@jsuhaas22 jsuhaas22 requested a review from p-shivhare-ti April 16, 2026 06:32
manorit2001
manorit2001 reviewed Apr 16, 2026
View reviewed changes
Comment thread source/linux/Foundational_Components_Secure_Boot.rst
other required boot artifacts. U-boot verifies the signed images on boot independently, without using TIFS. U-boot extracts each component from the FIT image and verifies its signature. Once u-boot verifies all components, it starts Linux. For more information, see: `U-Boot FIT Signature Documentation <https://docs.u-boot.org/en/latest/usage/fit/signature.html>`__

U-boot's output will be similar to this: (notice the "Authentication passed" lines as we authenticate the Linux kernel and DTB).
U-boot's output will be similar to this: (notice the "Authentication passed" lines as u-boot verifies the Linux kernel and DTB).
Copy link
Copy Markdown
Contributor

@manorit2001 manorit2001 Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we see Authentication passed? I think that was due to TIFS flows that we see this print, maybe updating the boot log would be good as well with this flow but a non blocker, you can remove these confusing lines as an alternative.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@praneethbajjuri praneethbajjuri praneethbajjuri approved these changes

@StaticRocket StaticRocket StaticRocket approved these changes

@shiva-ti shiva-ti shiva-ti approved these changes

@uditkumarti uditkumarti Awaiting requested review from uditkumarti uditkumarti is a code owner

@gehariprasath gehariprasath Awaiting requested review from gehariprasath gehariprasath is a code owner

@VeeruPrudhvi VeeruPrudhvi Awaiting requested review from VeeruPrudhvi VeeruPrudhvi is a code owner

@jeevantelukula jeevantelukula Awaiting requested review from jeevantelukula jeevantelukula is a code owner

@devarsht devarsht Awaiting requested review from devarsht

@r-vignesh r-vignesh Awaiting requested review from r-vignesh

@cshilwant cshilwant Awaiting requested review from cshilwant cshilwant is a code owner

@p-shivhare-ti p-shivhare-ti Awaiting requested review from p-shivhare-ti

+1 more reviewer

@manorit2001 manorit2001 manorit2001 approved these changes

Reviewers whose approvals may not affect merge requirements

Requested changes must be addressed to merge this pull request.

Assignees

@praneethbajjuri praneethbajjuri

@devarsht devarsht

@r-vignesh r-vignesh

@gehariprasath gehariprasath

@uditkumarti uditkumarti

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.