aboutsummaryrefslogtreecommitdiff
path: root/doc/arch/sandbox.rst
diff options
context:
space:
mode:
authorTom Rini <trini@konsulko.com>2022-05-02 19:02:44 -0400
committerTom Rini <trini@konsulko.com>2022-05-02 19:02:44 -0400
commitedb6982b5800603a67ff3710ef074ff7ac86e5ea (patch)
treefc34fe0a38d6f3884c60993ce06fb0f58536d60a /doc/arch/sandbox.rst
parent2406a91734eb4eeeb50fdfaeff65d0b7f464dba9 (diff)
parenta31eff3015afc80429e2734781eaf52e48ab6663 (diff)
Merge branch '2022-05-02-add-verifying-program-loader'
To quote the author: U-Boot provides a verified-boot feature based around FIT, but there is no standard way of implementing it for a board. At present the various required pieces must be built up separately, to produce a working implementation. In particular, there is no built-in support for selecting A/B boot or recovery mode. This series introduces VPL, a verified program loader phase for U-Boot. Its purpose is to run the verified-boot process and decide which SPL binary should be run. It is critical that this decision happens before SPL runs, since SPL sets up SDRAM and we need to be able to update the SDRAM-init code in the field. Adding VPL into the boot flow provides a standard place to implement verified boot. This series includes the phase itself, some useful Kconfig options and a sandbox_vpl build for sandbox. No verfied-boot support is provided in this series. Most of the patches in this series are fixes and improvements to docs and various Kconfig conditions for SPL.
Diffstat (limited to 'doc/arch/sandbox.rst')
-rw-r--r--doc/arch/sandbox.rst13
1 files changed, 13 insertions, 0 deletions
diff --git a/doc/arch/sandbox.rst b/doc/arch/sandbox.rst
index e1119492b4..bc670b98b7 100644
--- a/doc/arch/sandbox.rst
+++ b/doc/arch/sandbox.rst
@@ -420,6 +420,19 @@ state_setprop() which does this automatically and avoids running out of
space. See existing code for examples.
+VPL (Verifying Program Loader)
+------------------------------
+
+Sandbox provides an example build of vpl called `sandbox_vpl`. This can be run
+using::
+
+ /path/to/sandbox_vpl/tpl/u-boot-tpl -D
+
+It starts up TPL (first-stage init), then VPL, then runs SPL and finally U-Boot
+proper, following the normal flow for a verified boot. At present, no
+verification is actually implemented.
+
+
Debugging the init sequence
---------------------------