From mboxrd@z Thu Jan 1 00:00:00 1970 From: Gary Bisson Date: Tue, 23 Aug 2016 23:55:21 +0200 Subject: [U-Boot] [PATCH 3/3] nitrogen6x: add secure boot support In-Reply-To: <1471989321-25280-1-git-send-email-gary.bisson@boundarydevices.com> References: <1471989321-25280-1-git-send-email-gary.bisson@boundarydevices.com> Message-ID: <1471989321-25280-4-git-send-email-gary.bisson@boundarydevices.com> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de Selecting the proper options to enable the build of the HAB tools. Also adding a CSF section to the imx final image so it can contain the signature information. Note, this support is disabled by default, one will have to select the SECURE_BOOT configuration through menuconfig to enable it. Signed-off-by: Gary Bisson --- board/boundary/nitrogen6x/nitrogen6dl.cfg | 3 +++ board/boundary/nitrogen6x/nitrogen6dl2g.cfg | 3 +++ board/boundary/nitrogen6x/nitrogen6q.cfg | 3 +++ board/boundary/nitrogen6x/nitrogen6q2g.cfg | 3 +++ board/boundary/nitrogen6x/nitrogen6s.cfg | 3 +++ board/boundary/nitrogen6x/nitrogen6s1g.cfg | 3 +++ include/configs/nitrogen6x.h | 9 +++++++++ 7 files changed, 27 insertions(+) diff --git a/board/boundary/nitrogen6x/nitrogen6dl.cfg b/board/boundary/nitrogen6x/nitrogen6dl.cfg index 1cdccad..5c3e961 100644 --- a/board/boundary/nitrogen6x/nitrogen6dl.cfg +++ b/board/boundary/nitrogen6x/nitrogen6dl.cfg @@ -20,6 +20,9 @@ BOOT_FROM spi #define __ASSEMBLY__ #include +#ifdef CONFIG_SECURE_BOOT +CSF CONFIG_CSF_SIZE +#endif #include "asm/arch/mx6-ddr.h" #include "asm/arch/iomux.h" #include "asm/arch/crm_regs.h" diff --git a/board/boundary/nitrogen6x/nitrogen6dl2g.cfg b/board/boundary/nitrogen6x/nitrogen6dl2g.cfg index 516d67e..fe19ed0 100644 --- a/board/boundary/nitrogen6x/nitrogen6dl2g.cfg +++ b/board/boundary/nitrogen6x/nitrogen6dl2g.cfg @@ -20,6 +20,9 @@ BOOT_FROM spi #define __ASSEMBLY__ #include +#ifdef CONFIG_SECURE_BOOT +CSF CONFIG_CSF_SIZE +#endif #include "asm/arch/mx6-ddr.h" #include "asm/arch/iomux.h" #include "asm/arch/crm_regs.h" diff --git a/board/boundary/nitrogen6x/nitrogen6q.cfg b/board/boundary/nitrogen6x/nitrogen6q.cfg index b6642e6..60e1885 100644 --- a/board/boundary/nitrogen6x/nitrogen6q.cfg +++ b/board/boundary/nitrogen6x/nitrogen6q.cfg @@ -20,6 +20,9 @@ BOOT_FROM spi #define __ASSEMBLY__ #include +#ifdef CONFIG_SECURE_BOOT +CSF CONFIG_CSF_SIZE +#endif #include "asm/arch/mx6-ddr.h" #include "asm/arch/iomux.h" #include "asm/arch/crm_regs.h" diff --git a/board/boundary/nitrogen6x/nitrogen6q2g.cfg b/board/boundary/nitrogen6x/nitrogen6q2g.cfg index fe6dfc1..7a3ee94 100644 --- a/board/boundary/nitrogen6x/nitrogen6q2g.cfg +++ b/board/boundary/nitrogen6x/nitrogen6q2g.cfg @@ -20,6 +20,9 @@ BOOT_FROM spi #define __ASSEMBLY__ #include +#ifdef CONFIG_SECURE_BOOT +CSF CONFIG_CSF_SIZE +#endif #include "asm/arch/mx6-ddr.h" #include "asm/arch/iomux.h" #include "asm/arch/crm_regs.h" diff --git a/board/boundary/nitrogen6x/nitrogen6s.cfg b/board/boundary/nitrogen6x/nitrogen6s.cfg index ca30cd6..2540b7b 100644 --- a/board/boundary/nitrogen6x/nitrogen6s.cfg +++ b/board/boundary/nitrogen6x/nitrogen6s.cfg @@ -20,6 +20,9 @@ BOOT_FROM spi #define __ASSEMBLY__ #include +#ifdef CONFIG_SECURE_BOOT +CSF CONFIG_CSF_SIZE +#endif #include "asm/arch/mx6-ddr.h" #include "asm/arch/iomux.h" #include "asm/arch/crm_regs.h" diff --git a/board/boundary/nitrogen6x/nitrogen6s1g.cfg b/board/boundary/nitrogen6x/nitrogen6s1g.cfg index b1489fb..946af7b 100644 --- a/board/boundary/nitrogen6x/nitrogen6s1g.cfg +++ b/board/boundary/nitrogen6x/nitrogen6s1g.cfg @@ -20,6 +20,9 @@ BOOT_FROM spi #define __ASSEMBLY__ #include +#ifdef CONFIG_SECURE_BOOT +CSF CONFIG_CSF_SIZE +#endif #include "asm/arch/mx6-ddr.h" #include "asm/arch/iomux.h" #include "asm/arch/crm_regs.h" diff --git a/include/configs/nitrogen6x.h b/include/configs/nitrogen6x.h index b651eb3..3281e42 100644 --- a/include/configs/nitrogen6x.h +++ b/include/configs/nitrogen6x.h @@ -35,6 +35,15 @@ #define CONFIG_SF_DEFAULT_MODE (SPI_MODE_0) #endif +/* Secure boot (HAB) support */ +#ifdef CONFIG_SECURE_BOOT +#define CONFIG_CSF_SIZE 0x2000 +#define CONFIG_SYS_FSL_SEC_COMPAT 4 +#define CONFIG_FSL_CAAM +#define CONFIG_CMD_DEKBLOB +#define CONFIG_SYS_FSL_SEC_LE +#endif + /* I2C Configs */ #define CONFIG_SYS_I2C #define CONFIG_SYS_I2C_MXC -- 2.8.1