diff options
| author | Jens Wiklander <jens.wiklander@linaro.org> | 2018-09-25 16:40:20 +0200 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2018-10-07 11:07:25 -0400 |
| commit | 6663e074780912b01c09afd0c139f29825f7775c (patch) | |
| tree | 64579ee74bdf8bfb23ae2436b84058deda624789 /doc | |
| parent | a6ab4245d1543e6e9fa7277389457e792a987b7f (diff) | |
| download | u-boot-6663e074780912b01c09afd0c139f29825f7775c.zip u-boot-6663e074780912b01c09afd0c139f29825f7775c.tar.gz u-boot-6663e074780912b01c09afd0c139f29825f7775c.tar.bz2 | |
avb_verify: support using OP-TEE TA AVB
With CONFIG_OPTEE_TA_AVB use the trusted application AVB provided by
OP-TEE to manage rollback indexes and device-lock status.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/README.avb2 | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/doc/README.avb2 b/doc/README.avb2 index 120279f..a29cee1 100644 --- a/doc/README.avb2 +++ b/doc/README.avb2 @@ -18,6 +18,13 @@ Integrity of the bootloader (U-boot BLOB and environment) is out of scope. For additional details check: https://android.googlesource.com/platform/external/avb/+/master/README.md +1.1. AVB using OP-TEE (optional) +--------------------------------- +If AVB is configured to use OP-TEE (see 4. below) rollback indexes and +device lock state are stored in RPMB. The RPMB partition is managed by +OP-TEE (https://www.op-tee.org/) which is a secure OS leveraging ARM +TrustZone. + 2. AVB 2.0 U-BOOT SHELL COMMANDS ----------------------------------- @@ -61,6 +68,12 @@ CONFIG_LIBAVB=y CONFIG_AVB_VERIFY=y CONFIG_CMD_AVB=y +In addtion optionally if storing rollback indexes in RPMB with help of +OP-TEE: +CONFIG_TEE=y +CONFIG_OPTEE=y +CONFIG_OPTEE_TA_AVB=y +CONFIG_SUPPORT_EMMC_RPMB=y Then add `avb verify` invocation to your android boot sequence of commands, e.g.: |