From: Gary Bisson <gary.bisson@boundarydevices.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 3/3] nitrogen6x: add secure boot support
Date: Wed, 24 Aug 2016 12:17:57 +0200 [thread overview]
Message-ID: <20160824101757.GC7045@t450s.lan> (raw)
In-Reply-To: <e300d622-e464-7bf8-3442-bdac6d41df3f@nelint.com>
Hi Eric, all,
On Tue, Aug 23, 2016 at 05:35:14PM -0700, Eric Nelson wrote:
> Hi Gary,
>
> On 08/23/2016 02:55 PM, Gary Bisson wrote:
> > Selecting the proper options to enable the build of the HAB tools.
> >
> > Also adding a CSF section to the imx final image so it can contain
> > the signature information.
> >
> > Note, this support is disabled by default, one will have to select
> > the SECURE_BOOT configuration through menuconfig to enable it.
> >
> > Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
> > ---
> > board/boundary/nitrogen6x/nitrogen6dl.cfg | 3 +++
> > board/boundary/nitrogen6x/nitrogen6dl2g.cfg | 3 +++
> > board/boundary/nitrogen6x/nitrogen6q.cfg | 3 +++
> > board/boundary/nitrogen6x/nitrogen6q2g.cfg | 3 +++
> > board/boundary/nitrogen6x/nitrogen6s.cfg | 3 +++
> > board/boundary/nitrogen6x/nitrogen6s1g.cfg | 3 +++
> > include/configs/nitrogen6x.h | 9 +++++++++
> > 7 files changed, 27 insertions(+)
> >
> > diff --git a/board/boundary/nitrogen6x/nitrogen6dl.cfg b/board/boundary/nitrogen6x/nitrogen6dl.cfg
> > index 1cdccad..5c3e961 100644
> > --- a/board/boundary/nitrogen6x/nitrogen6dl.cfg
> > +++ b/board/boundary/nitrogen6x/nitrogen6dl.cfg
> > @@ -20,6 +20,9 @@ BOOT_FROM spi
> >
> > #define __ASSEMBLY__
> > #include <config.h>
> > +#ifdef CONFIG_SECURE_BOOT
> > +CSF CONFIG_CSF_SIZE
> > +#endif
> > #include "asm/arch/mx6-ddr.h"
> > #include "asm/arch/iomux.h"
> > #include "asm/arch/crm_regs.h"
> > diff --git a/board/boundary/nitrogen6x/nitrogen6dl2g.cfg b/board/boundary/nitrogen6x/nitrogen6dl2g.cfg
> > index 516d67e..fe19ed0 100644
> > --- a/board/boundary/nitrogen6x/nitrogen6dl2g.cfg
> > +++ b/board/boundary/nitrogen6x/nitrogen6dl2g.cfg
> > @@ -20,6 +20,9 @@ BOOT_FROM spi
> >
> > #define __ASSEMBLY__
> > #include <config.h>
> > +#ifdef CONFIG_SECURE_BOOT
> > +CSF CONFIG_CSF_SIZE
> > +#endif
> > #include "asm/arch/mx6-ddr.h"
> > #include "asm/arch/iomux.h"
> > #include "asm/arch/crm_regs.h"
> > diff --git a/board/boundary/nitrogen6x/nitrogen6q.cfg b/board/boundary/nitrogen6x/nitrogen6q.cfg
> > index b6642e6..60e1885 100644
> > --- a/board/boundary/nitrogen6x/nitrogen6q.cfg
> > +++ b/board/boundary/nitrogen6x/nitrogen6q.cfg
> > @@ -20,6 +20,9 @@ BOOT_FROM spi
> >
> > #define __ASSEMBLY__
> > #include <config.h>
> > +#ifdef CONFIG_SECURE_BOOT
> > +CSF CONFIG_CSF_SIZE
> > +#endif
> > #include "asm/arch/mx6-ddr.h"
> > #include "asm/arch/iomux.h"
> > #include "asm/arch/crm_regs.h"
> > diff --git a/board/boundary/nitrogen6x/nitrogen6q2g.cfg b/board/boundary/nitrogen6x/nitrogen6q2g.cfg
> > index fe6dfc1..7a3ee94 100644
> > --- a/board/boundary/nitrogen6x/nitrogen6q2g.cfg
> > +++ b/board/boundary/nitrogen6x/nitrogen6q2g.cfg
> > @@ -20,6 +20,9 @@ BOOT_FROM spi
> >
> > #define __ASSEMBLY__
> > #include <config.h>
> > +#ifdef CONFIG_SECURE_BOOT
> > +CSF CONFIG_CSF_SIZE
> > +#endif
> > #include "asm/arch/mx6-ddr.h"
> > #include "asm/arch/iomux.h"
> > #include "asm/arch/crm_regs.h"
> > diff --git a/board/boundary/nitrogen6x/nitrogen6s.cfg b/board/boundary/nitrogen6x/nitrogen6s.cfg
> > index ca30cd6..2540b7b 100644
> > --- a/board/boundary/nitrogen6x/nitrogen6s.cfg
> > +++ b/board/boundary/nitrogen6x/nitrogen6s.cfg
> > @@ -20,6 +20,9 @@ BOOT_FROM spi
> >
> > #define __ASSEMBLY__
> > #include <config.h>
> > +#ifdef CONFIG_SECURE_BOOT
> > +CSF CONFIG_CSF_SIZE
> > +#endif
> > #include "asm/arch/mx6-ddr.h"
> > #include "asm/arch/iomux.h"
> > #include "asm/arch/crm_regs.h"
> > diff --git a/board/boundary/nitrogen6x/nitrogen6s1g.cfg b/board/boundary/nitrogen6x/nitrogen6s1g.cfg
> > index b1489fb..946af7b 100644
> > --- a/board/boundary/nitrogen6x/nitrogen6s1g.cfg
> > +++ b/board/boundary/nitrogen6x/nitrogen6s1g.cfg
> > @@ -20,6 +20,9 @@ BOOT_FROM spi
> >
> > #define __ASSEMBLY__
> > #include <config.h>
> > +#ifdef CONFIG_SECURE_BOOT
> > +CSF CONFIG_CSF_SIZE
> > +#endif
> > #include "asm/arch/mx6-ddr.h"
> > #include "asm/arch/iomux.h"
> > #include "asm/arch/crm_regs.h"
> > diff --git a/include/configs/nitrogen6x.h b/include/configs/nitrogen6x.h
> > index b651eb3..3281e42 100644
> > --- a/include/configs/nitrogen6x.h
> > +++ b/include/configs/nitrogen6x.h
> > @@ -35,6 +35,15 @@
> > #define CONFIG_SF_DEFAULT_MODE (SPI_MODE_0)
> > #endif
> >
> > +/* Secure boot (HAB) support */
> > +#ifdef CONFIG_SECURE_BOOT
> > +#define CONFIG_CSF_SIZE 0x2000
> > +#define CONFIG_SYS_FSL_SEC_COMPAT 4
> > +#define CONFIG_FSL_CAAM
> > +#define CONFIG_CMD_DEKBLOB
> > +#define CONFIG_SYS_FSL_SEC_LE
> > +#endif
> > +
>
> I agree with the comment in your cover letter, that this belongs
> in a common place.
Does Fabio agree with that? Also, should we differenciate the options
needed for signature only (SECURE_BOOT and CSF_SIZE) to the other that
are only useful when encryption is needed.
Regards,
Gary
next prev parent reply other threads:[~2016-08-24 10:17 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-23 21:55 [U-Boot] [PATCH 0/3] Add i.MX HAB encryption support Gary Bisson
2016-08-23 21:55 ` [U-Boot] [PATCH 1/3] arm: imx-common: add SECURE_BOOT option to Kconfig Gary Bisson
2016-08-24 0:24 ` Eric Nelson
2016-08-24 10:12 ` Gary Bisson
2016-08-24 13:13 ` Eric Nelson
2016-08-23 21:55 ` [U-Boot] [PATCH 2/3] arm: imx-common: introduce back usec2ticks Gary Bisson
2016-08-24 0:30 ` Eric Nelson
2016-08-24 10:15 ` Gary Bisson
2016-08-23 21:55 ` [U-Boot] [PATCH 3/3] nitrogen6x: add secure boot support Gary Bisson
2016-08-24 0:35 ` Eric Nelson
2016-08-24 10:17 ` Gary Bisson [this message]
2016-08-25 16:22 ` Fabio Estevam
2016-08-25 17:03 ` [U-Boot] [PATCH v2 0/5] Add i.MX HAB encryption support Gary Bisson
2016-08-25 17:03 ` [U-Boot] [PATCH v2 1/5] arm: imx-common: add SECURE_BOOT option to Kconfig Gary Bisson
2016-08-25 17:03 ` [U-Boot] [PATCH v2 2/5] arm: imx-common: introduce back usec2ticks Gary Bisson
2016-08-25 17:03 ` [U-Boot] [PATCH v2 3/5] mx6_common: add secure boot support Gary Bisson
2016-08-25 17:03 ` [U-Boot] [PATCH v2 4/5] mx7_common: " Gary Bisson
2016-08-25 17:03 ` [U-Boot] [PATCH v2 5/5] nitrogen6x: " Gary Bisson
2016-10-17 7:09 ` [U-Boot] [PATCH v2 0/5] Add i.MX HAB encryption support Stefano Babic
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160824101757.GC7045@t450s.lan \
--to=gary.bisson@boundarydevices.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox