[U-Boot] [PATCH v2 2/5] arm: imx: add HAB authentication of image to SPL boot
George McCollister
george.mccollister at gmail.com
Thu Nov 10 20:24:32 CET 2016
On Sun, Nov 6, 2016 at 9:37 AM, Sven Ebenfeld <sven.ebenfeld at gmail.com> wrote:
> When using HAB as secure boot mechanism on Wandboard, the chain of
> trust breaks immediately after the SPL. As this is not checking
> the authenticity of the loaded image before jumping to it.
>
> The HAB status output will not be implemented in SPL as it adds
> a lot of strings that are only required in debug cases. With those
> it exceeds the maximum size of the available OCRAM (69 KiB).
>
> The SPL MISC driver support must be enabled, so that the driver can use OTP fuse
> to check if HAB is enabled.
>
> Cc: sbabic at denx.de
>
> v2-Changes: None
>
> Signed-off-by: Sven Ebenfeld <sven.ebenfeld at gmail.com>
> ---
> arch/arm/imx-common/hab.c | 129 ++++++++++++++++++----------------
> arch/arm/imx-common/spl.c | 25 +++++++
> arch/arm/imx-common/spl_sd.cfg | 10 +++
> arch/arm/include/asm/imx-common/hab.h | 2 +
> include/configs/mx6_common.h | 3 +
> 5 files changed, 110 insertions(+), 59 deletions(-)
>
Reviewed-by: George McCollister <george.mccollister at gmail.com>
Tested-by: George McCollister <george.mccollister at gmail.com>
More information about the U-Boot
mailing list