fix(security): Formatting cleanup to Secure Boot page

Pratham-T · Pratham-T · commit dce2a4fd0945 · 2026-04-28T15:44:44.000+05:30
Changes the indentation to 3 spaces, adds :file: and :code: directive to
appropriate places, and wrap long lines to 80 characters. While here,
also update the name "U-Boot" to have a consistent case everywhere, and
update ATF to TF-A.

Signed-off-by: T Pratham &lt;t-pratham@ti.com&gt;
diff --git a/source/linux/Foundational_Components_Secure_Boot.rst b/source/linux/Foundational_Components_Secure_Boot.rst
@@ -15,7 +15,7 @@ pass authentication for Public Boot ROM to continue boot. It is then the respons
 each next stage is itself authenticated. One weak link and all lower trust levels could be compromised.
 
 .. Note::
-    Example: Forgetting to disable u-boot console or environment loading means a non-secured linux can be loaded. The U-Boot console (or command
+    Example: Forgetting to disable U-Boot console or environment loading means a non-secured linux can be loaded. The U-Boot console (or command
     line interface (CLI)) and environment are powerful features that make it great for creating a customized boot process. However,
     leaving either or them enabled in a production system allows non-secured software to be loaded and the Chain-of-Trust to be broken.
 
@@ -24,7 +24,7 @@ The following is an example list where Chain-of-Trust should be maintained.
 - Remove U-Boot uEnv.txt loading support.
 - Disable environment loading (the default built-in environment must be compiled to be the one you want).
 - Environment must not fallback to other boot modes.
-- Place firewalls in board-config to match the location of loaded artifacts (ATF/OP-TEE).
+- Place firewalls in board-config to match the location of loaded artifacts (TF-A/OP-TEE).
 - Update debug sections of initial image cert.
 - Enable DM-verity/DM-crypt.
 - Set root password or disable root account.
@@ -55,11 +55,12 @@ The following is an example list where Chain-of-Trust should be maintained.
    .. Image:: /images/K3_KF.png
       :scale: 70%
 
-Secure boot has layers. Some layers are trusted more than others. Secure ROM has the highest trust and Runtime Execution
-Environment (REE) non-trustzone user-space applications have the least. If a
-lower trust entity must load a higher trust code, an even higher trust entity
-must verify it and not allow access by the lower trust entity after that
-point. Some such trust inversions are as follows:
+Secure boot has layers. Some layers are trusted more than others. Secure ROM
+has the highest trust and Runtime Execution Environment (REE) non-trustzone
+user-space applications have the least. If a lower trust entity must load a
+higher trust code, an even higher trust entity must verify it and not allow
+access by the lower trust entity after that point. Some such trust inversions
+are as follows:
 
 .. ifconfig:: CONFIG_part_variant in ('AM62LX')
 
@@ -73,7 +74,8 @@ point. Some such trust inversions are as follows:
    - R5 Public Boot ROM loading TIFS
    - Linux loading Trusted applications (TA)
 
-These are called out in the sequence as shown in the following image and their method of ensuring trust is explained.
+These are called out in the sequence as shown in the following image and
+their method of ensuring trust is explained.
 
 Secure Boot Flow
 --------------------
@@ -128,7 +130,8 @@ Secure Boot Flow
    location is device dependent. More details can be found in the device
    "Technical Reference Manual".
 
-   The contents of this first stage image are authenticated and decrypted by the Secure ROM. Contents include:
+   The contents of this first stage image are authenticated and decrypted by
+   the Secure ROM. Contents include:
 
    * `Texas Instruments Foundational Security (TIFS)` firmware: After authentication/decryption, TIFS firmware replaces the Secure ROM as the authenticator entity executing on the M4 core in the 2nd phase of the boot.
    * BL-1: The pre-bootloader executed on the A53 core, initializes the console and DDR for the 2nd phase of the boot.
@@ -212,84 +215,98 @@ Secure Boot Flow
 
 .. rubric:: U-Boot
 
-The boot flow continues as it does on a non-secure device, until loading the next FIT image named `fitImage`. This FIT image includes the Linux kernel, DTB, and
-other required boot artifacts. U-boot verifies the signed images on boot independently, without using TIFS. U-boot extracts each component from the FIT image and verifies its signature. Once u-boot verifies all components, it starts Linux. For more information, see: `U-Boot FIT Signature Documentation <https://docs.u-boot.org/en/latest/usage/fit/signature.html>`__
+The boot flow continues as it does on a non-secure device, until loading the
+next FIT image named :file:`fitImage`. This FIT image includes the Linux
+kernel, DTB, and other required boot artifacts. U-Boot verifies the signed
+images on boot independently, without using TIFS. U-Boot extracts each
+component from the FIT image and verifies its signature. Once U-Boot verifies
+all components, it starts Linux. For more information, see:
+`U-Boot FIT Signature Documentation <https://docs.u-boot.org/en/latest/usage/fit/signature.html>`__
 
-U-boot's output will be similar to this:
+U-Boot's output will be similar to this:
 
 .. code-block:: console
 
-    U-Boot 2021.01-g2de57d278b (May 16 2022 - 14:28:40 +0000)
-
-    SoC:   AM64X SR1.0
-    Model: Texas Instruments AM642 EVM
-    Board: AM64-GPEVM rev A
-    DRAM:  2 GiB
-    NAND:  0 MiB
-    MMC:   mmc@fa10000: 0, mmc@fa00000: 1
-    Loading Environment from FAT... *** Warning - bad CRC, using default environment
-
-    In:    serial@2800000
-    Out:   serial@2800000
-    Err:   serial@2800000
-    Net:   eth0: ethernet@8000000port@1
-    Hit any key to stop autoboot:  0
-    switch to partitions #0, OK
-    mmc1 is current device
-    SD/MMC found on device 1
-    Failed to load 'boot.scr'
-    1011 bytes read in 2 ms (493.2 KiB/s)
-    Loaded env from uEnv.txt
-    Importing environment from mmc1 ...
-    Running uenvcmd ...
-    7862647 bytes read in 328 ms (22.9 MiB/s)
-    ## Loading kernel from FIT Image at 90000000 ...
-    Using 'k3-am642-evm.dtb' configuration
-    Trying 'kernel@1' kernel subimage
-        Description:  Linux kernel
-        Type:         Kernel Image
-        Compression:  gzip compressed
-        Data Start:   0x900000f8
-        Data Size:    7743643 Bytes = 7.4 MiB
-        Architecture: AArch64
-        OS:           Linux
-        Load Address: 0x80080000
-        Entry Point:  0x80080000
-    Verifying Hash Integrity ... OK
-    ## Loading fdt from FIT Image at 90000000 ...
-    Using 'k3-am642-evm.dtb' configuration
-    Trying 'k3-am642-evm.dtb' fdt subimage
-        Description:  Flattened Device Tree blob
-        Type:         Flat Device Tree
-        Compression:  uncompressed
-        Data Start:   0x90762a54
-        Data Size:    56436 Bytes = 55.1 KiB
-        Architecture: AArch64
-        Load Address: 0x83000000
-    Verifying Hash Integrity ... OK
-    Loading fdt from 0x90762a54 to 0x83000000
-    Booting using the fdt blob at 0x83000000
-    Uncompressing Kernel Image
-    Loading Device Tree to 000000008ffef000, end 000000008ffff602 ... OK
+   U-Boot 2021.01-g2de57d278b (May 16 2022 - 14:28:40 +0000)
+
+   SoC:   AM64X SR1.0
+   Model: Texas Instruments AM642 EVM
+   Board: AM64-GPEVM rev A
+   DRAM:  2 GiB
+   NAND:  0 MiB
+   MMC:   mmc@fa10000: 0, mmc@fa00000: 1
+   Loading Environment from FAT... *** Warning - bad CRC, using default environment
+
+   In:    serial@2800000
+   Out:   serial@2800000
+   Err:   serial@2800000
+   Net:   eth0: ethernet@8000000port@1
+   Hit any key to stop autoboot:  0
+   switch to partitions #0, OK
+   mmc1 is current device
+   SD/MMC found on device 1
+   Failed to load 'boot.scr'
+   1011 bytes read in 2 ms (493.2 KiB/s)
+   Loaded env from uEnv.txt
+   Importing environment from mmc1 ...
+   Running uenvcmd ...
+   7862647 bytes read in 328 ms (22.9 MiB/s)
+   ## Loading kernel from FIT Image at 90000000 ...
+   Using 'k3-am642-evm.dtb' configuration
+   Trying 'kernel@1' kernel subimage
+      Description:  Linux kernel
+      Type:         Kernel Image
+      Compression:  gzip compressed
+      Data Start:   0x900000f8
+      Data Size:    7743643 Bytes = 7.4 MiB
+      Architecture: AArch64
+      OS:           Linux
+      Load Address: 0x80080000
+      Entry Point:  0x80080000
+   Verifying Hash Integrity ... OK
+   ## Loading fdt from FIT Image at 90000000 ...
+   Using 'k3-am642-evm.dtb' configuration
+   Trying 'k3-am642-evm.dtb' fdt subimage
+      Description:  Flattened Device Tree blob
+      Type:         Flat Device Tree
+      Compression:  uncompressed
+      Data Start:   0x90762a54
+      Data Size:    56436 Bytes = 55.1 KiB
+      Architecture: AArch64
+      Load Address: 0x83000000
+   Verifying Hash Integrity ... OK
+   Loading fdt from 0x90762a54 to 0x83000000
+   Booting using the fdt blob at 0x83000000
+   Uncompressing Kernel Image
+   Loading Device Tree to 000000008ffef000, end 000000008ffff602 ... OK
 
 .. rubric:: Linux
 
-If initramfs is included, we can trust our initial modules and tasks, but we cannot trust anything beyond this as the root file-system may have been
-modified. To allow trusted use of files outside of our initramfs we use dm-verity. With this we can authenticate a block device as we read from it. As
-any changes to this block-device will cause the authentication to fail, we cannot put any user-modifiable configurations or user installed programs
-here. Only important, read-only, files should be placed on this partition, such as static kernel and operating system files and configurations. All
-other files must be placed in a non-verifiable read-write user partition.
+If initramfs is included, we can trust our initial modules and tasks, but we
+cannot trust anything beyond this as the root file-system may have been
+modified. To allow trusted use of files outside of our initramfs we use
+dm-verity. With this we can authenticate a block device as we read from it. As
+any changes to this block-device will cause the authentication to fail, we
+cannot put any user-modifiable configurations or user installed programs here.
+Only important, read-only, files should be placed on this partition, such as
+static kernel and operating system files and configurations. All other files
+must be placed in a non-verifiable read/write user partition.
 
 HS Boot Flow Tools
 -------------------
 
-U-boot:
+U-Boot:
 
    .. ifconfig:: CONFIG_part_variant not in ('AM62LX')
 
-      The ti-u-boot source is a project used to create tiboot3.bin, tispl.bin, and u-boot.img. To create  tiboot3.bin for K3 family devices, u-boot builds R5 SPL and
-      binman packages it in a `tiboot3.bin` image. To build A53 SPL, binman takes TF-A (bl31.bin), OPTEE (bl32.bin), A53 SPL, and A53 DTBs and packages
-      them in a `tispl.bin` image. U-Boot can then use the openssl library to sign each component as specified in k3-<soc>-binman.dtsi.
+      The ti-u-boot source is a project used to create :file:`tiboot3.bin`,
+      :file:`tispl.bin`, and :file:`u-boot.img`. To create :file:`tiboot3.bin`
+      for K3 family devices, U-Boot builds R5 SPL and binman packages it in a
+      :file:`tiboot3.bin` image. To build A53 SPL, binman takes TF-A
+      (:file:`bl31.bin`), OPTEE (:file:`bl32.bin`), A53 SPL, and A53 DTBs and
+      packages them in a :file:`tispl.bin` image. U-Boot can then use the
+      openssl library to sign each component as specified in
+      :file:`k3-<soc>-binman.dtsi`.
 
       .. code-block:: console
 
@@ -320,47 +337,57 @@ U-boot:
 
 Linux:
 
-    The ti-linux source is a TI project used to build Linux kernel, DTB, and other boot artifacts. Some of these components could be included in a verifiable image
-    `fitImage`. For HS devices, only the fitImage will be allowed to boot once `fitImage` has been authenticated.
+   The ti-linux source is a TI project used to build Linux kernel, DTB, and
+   other boot artifacts. Some of these components could be included in a
+   verifiable image :file:`fitImage`. For HS devices, only the fitImage will be
+   allowed to boot once :file:`fitImage` has been authenticated.
 
-    .. code-block:: console
+   .. code-block:: console
 
-        $ git clone https://git.ti.com/git/ti-linux-kernel/ti-linux-kernel.git
+      $ git clone https://git.ti.com/git/ti-linux-kernel/ti-linux-kernel.git
 
-        Example use:
-        $ make ARCH=arm64 CROSS_COMPILE=aarch64-none-linux-gnu- defconfig ti_arm64_prune.config
-        $ make ARCH=arm64 CROSS_COMPILE=aarch64-none-linux-gnu- menuconfig
-        $ make ARCH=arm64 CROSS_COMPILE=aarch64-none-linux-gnu-
+      $ #Example use:
+      $ make ARCH=arm64 CROSS_COMPILE=aarch64-none-linux-gnu- defconfig ti_arm64_prune.config
+      $ make ARCH=arm64 CROSS_COMPILE=aarch64-none-linux-gnu- menuconfig
+      $ make ARCH=arm64 CROSS_COMPILE=aarch64-none-linux-gnu-
 
-ATF:
+TF-A:
 
-    The ATF source (now called TF-A) is used to build `bl31.bin` that gets packaged into `tispl.bin`. For HS devices, this binary needs to be signed.
+   The TF-A source (formerly called ATF) is used to build :file:`bl31.bin` that
+   gets packaged into :file:`tispl.bin`. For HS devices, this binary needs to
+   be signed.
 
-    .. code-block:: console
+   .. code-block:: console
 
-        $ git clone https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git
+      $ git clone https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git
 
-        Example use:
-        $ make ARCH=aarch64 CROSS_COMPILE=aarch64-none-linux-gnu- PLAT=k3 TARGET_BOARD=lite SPD=opteed
+      $ # Example use:
+      $ make ARCH=aarch64 CROSS_COMPILE=aarch64-none-linux-gnu- PLAT=k3 TARGET_BOARD=lite SPD=opteed
 
 OPTEE:
 
-   The OPTEE source is used to build `bl32.bin/tee-pager_v2.bin` that gets packaged into `tispl.bin`. For HS devices, this binary needs to be signed.
+   The OPTEE source is used to build :file:`bl32.bin/tee-pager_v2.bin` that
+   gets packaged into :file:`tispl.bin`. For HS devices, this binary needs to
+   be signed.
 
-    .. code-block:: console
+   .. code-block:: console
 
-        $ git clone https://github.com/OP-TEE/optee_os.git
+      $ git clone https://github.com/OP-TEE/optee_os.git
 
-        Example use:
-        $ make CROSS_COMPILE64=aarch64-linux-gnu- PLATFORM=k3-<soc> CFG_ARM64_core=y
+      $ # Example use:
+      $ make CROSS_COMPILE64=aarch64-linux-gnu- PLATFORM=k3-<soc> CFG_ARM64_core=y
 
 Ti-linux-firmware:
 
-    The ti-linux-firmware is a TI repository where all firmware releases are stored. Firmwares for a device family can also be found in the pre-built SDK
-    under :file:`<path-to-tisdk>/board-support/prebuilt-images/<evm>`. Binman expects to find the device firmware with the following appended to u-boot build command:
-    BINMAN_INDIRS=<path-to-tisdk>/board-support/prebuilt-images, and expects to find a ti-sysfw directory in this path.
+   The ti-linux-firmware is a TI repository where all firmware releases are
+   stored. Firmwares for a device family can also be found in the pre-built SDK
+   under :file:`<path-to-tisdk>/board-support/prebuilt-images/<evm>`. Binman
+   expects to find the device firmware with the following appended to U-Boot
+   build command:
+   :code:`BINMAN_INDIRS=<path-to-tisdk>/board-support/prebuilt-images`, and
+   expects to find a ti-sysfw directory in this path.
 
-    .. code-block:: console
+   .. code-block:: console
 
-        $ <https://git.ti.com/git/processor-firmware/ti-linux-firmware.git
-        Branch: ti-linux-firmware.
+      $ git clone https://git.ti.com/git/processor-firmware/ti-linux-firmware.git
+      Branch: ti-linux-firmware.
