Skip to content

Commit a0a74d0

Browse files
shiva-tijeevantelukula
shiva-ti
authored and
jeevantelukula
committed
fix(security): correct AM62L removing R5 SPL reference
Correct existing diagram showing R5 SPL for AM62L as well. Add reference to fTPM based secure storage guide. Signed-off-by: Shiva Tripathi <s-tripathi1@ti.com>
1 parent b7a8798 commit a0a74d0

3 files changed

Lines changed: 18 additions & 7 deletions

File tree

source/images/Auth_default_bootflow_AM62L.png

23.6 KB
Loading

source/images/Auth_secure_bootflow_AM62L.png

32 KB
Loading

source/linux/Foundational_Components/System_Security/Auth_boot.rst

Lines changed: 18 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -71,12 +71,16 @@ Before encrypting a drive, it is recommended to perform a secure erase by overwr
7171
Setup
7272
*****
7373

74-
.. Image:: /images/Auth_default_bootflow.png
75-
:align: center
74+
.. ifconfig:: CONFIG_part_variant not in ('AM62LX')
7675

77-
.. note::
76+
.. Image:: /images/Auth_default_bootflow.png
77+
:align: center
78+
79+
.. ifconfig:: CONFIG_part_variant in ('AM62LX')
80+
81+
.. Image:: /images/Auth_default_bootflow_AM62L.png
82+
:align: center
7883

79-
A new Yocto layer is in the works to automate all of the below steps
8084

8185
The following steps describe how to build user-space tools and configuration on Yocto. Please use :ref:`Processor SDK - Building the SDK with Yocto <building-the-sdk-with-yocto>` as reference.
8286

@@ -240,14 +244,21 @@ The following steps describe how to build user-space tools and configuration on
240244
241245
#. Repackage the initramfs into the kernel, build and replace the :file:`root/boot/Image` and boot.
242246

243-
.. Image:: /images/Auth_secure_bootflow.png
244-
:align: center
247+
.. ifconfig:: CONFIG_part_variant not in ('AM62LX')
248+
249+
.. Image:: /images/Auth_secure_bootflow.png
250+
:align: center
251+
252+
.. ifconfig:: CONFIG_part_variant in ('AM62LX')
253+
254+
.. Image:: /images/Auth_secure_bootflow_AM62L.png
255+
:align: center
245256

246257
**********
247258
Next steps
248259
**********
249260

250-
This guide showcases the authenticated boot flow on TI devices and is not meant to be directly used in production. The demo utilizes a pass_key to secure the encrypted partition and is placed in the initramfs in a non-secure manner.
261+
This guide showcases the authenticated boot flow on TI devices and is not meant to be directly used in production. The demo utilizes a pass_key to secure the encrypted partition and is placed in the initramfs in a non-secure manner. Refer :ref:`File System Encryption with fTPM <filesystem-encryption>` for details on using fTPM based key sealing and secure storage of keys.
251262

252263
********
253264
See Also

0 commit comments

Comments
 (0)