[U-Boot] [PATCH 3/3] nitrogen6x: add secure boot support
Eric Nelson
eric at nelint.com
Wed Aug 24 02:35:14 CEST 2016
Hi Gary,
On 08/23/2016 02:55 PM, Gary Bisson wrote:
> Selecting the proper options to enable the build of the HAB tools.
>
> Also adding a CSF section to the imx final image so it can contain
> the signature information.
>
> Note, this support is disabled by default, one will have to select
> the SECURE_BOOT configuration through menuconfig to enable it.
>
> Signed-off-by: Gary Bisson <gary.bisson at boundarydevices.com>
> ---
> board/boundary/nitrogen6x/nitrogen6dl.cfg | 3 +++
> board/boundary/nitrogen6x/nitrogen6dl2g.cfg | 3 +++
> board/boundary/nitrogen6x/nitrogen6q.cfg | 3 +++
> board/boundary/nitrogen6x/nitrogen6q2g.cfg | 3 +++
> board/boundary/nitrogen6x/nitrogen6s.cfg | 3 +++
> board/boundary/nitrogen6x/nitrogen6s1g.cfg | 3 +++
> include/configs/nitrogen6x.h | 9 +++++++++
> 7 files changed, 27 insertions(+)
>
> diff --git a/board/boundary/nitrogen6x/nitrogen6dl.cfg b/board/boundary/nitrogen6x/nitrogen6dl.cfg
> index 1cdccad..5c3e961 100644
> --- a/board/boundary/nitrogen6x/nitrogen6dl.cfg
> +++ b/board/boundary/nitrogen6x/nitrogen6dl.cfg
> @@ -20,6 +20,9 @@ BOOT_FROM spi
>
> #define __ASSEMBLY__
> #include <config.h>
> +#ifdef CONFIG_SECURE_BOOT
> +CSF CONFIG_CSF_SIZE
> +#endif
> #include "asm/arch/mx6-ddr.h"
> #include "asm/arch/iomux.h"
> #include "asm/arch/crm_regs.h"
> diff --git a/board/boundary/nitrogen6x/nitrogen6dl2g.cfg b/board/boundary/nitrogen6x/nitrogen6dl2g.cfg
> index 516d67e..fe19ed0 100644
> --- a/board/boundary/nitrogen6x/nitrogen6dl2g.cfg
> +++ b/board/boundary/nitrogen6x/nitrogen6dl2g.cfg
> @@ -20,6 +20,9 @@ BOOT_FROM spi
>
> #define __ASSEMBLY__
> #include <config.h>
> +#ifdef CONFIG_SECURE_BOOT
> +CSF CONFIG_CSF_SIZE
> +#endif
> #include "asm/arch/mx6-ddr.h"
> #include "asm/arch/iomux.h"
> #include "asm/arch/crm_regs.h"
> diff --git a/board/boundary/nitrogen6x/nitrogen6q.cfg b/board/boundary/nitrogen6x/nitrogen6q.cfg
> index b6642e6..60e1885 100644
> --- a/board/boundary/nitrogen6x/nitrogen6q.cfg
> +++ b/board/boundary/nitrogen6x/nitrogen6q.cfg
> @@ -20,6 +20,9 @@ BOOT_FROM spi
>
> #define __ASSEMBLY__
> #include <config.h>
> +#ifdef CONFIG_SECURE_BOOT
> +CSF CONFIG_CSF_SIZE
> +#endif
> #include "asm/arch/mx6-ddr.h"
> #include "asm/arch/iomux.h"
> #include "asm/arch/crm_regs.h"
> diff --git a/board/boundary/nitrogen6x/nitrogen6q2g.cfg b/board/boundary/nitrogen6x/nitrogen6q2g.cfg
> index fe6dfc1..7a3ee94 100644
> --- a/board/boundary/nitrogen6x/nitrogen6q2g.cfg
> +++ b/board/boundary/nitrogen6x/nitrogen6q2g.cfg
> @@ -20,6 +20,9 @@ BOOT_FROM spi
>
> #define __ASSEMBLY__
> #include <config.h>
> +#ifdef CONFIG_SECURE_BOOT
> +CSF CONFIG_CSF_SIZE
> +#endif
> #include "asm/arch/mx6-ddr.h"
> #include "asm/arch/iomux.h"
> #include "asm/arch/crm_regs.h"
> diff --git a/board/boundary/nitrogen6x/nitrogen6s.cfg b/board/boundary/nitrogen6x/nitrogen6s.cfg
> index ca30cd6..2540b7b 100644
> --- a/board/boundary/nitrogen6x/nitrogen6s.cfg
> +++ b/board/boundary/nitrogen6x/nitrogen6s.cfg
> @@ -20,6 +20,9 @@ BOOT_FROM spi
>
> #define __ASSEMBLY__
> #include <config.h>
> +#ifdef CONFIG_SECURE_BOOT
> +CSF CONFIG_CSF_SIZE
> +#endif
> #include "asm/arch/mx6-ddr.h"
> #include "asm/arch/iomux.h"
> #include "asm/arch/crm_regs.h"
> diff --git a/board/boundary/nitrogen6x/nitrogen6s1g.cfg b/board/boundary/nitrogen6x/nitrogen6s1g.cfg
> index b1489fb..946af7b 100644
> --- a/board/boundary/nitrogen6x/nitrogen6s1g.cfg
> +++ b/board/boundary/nitrogen6x/nitrogen6s1g.cfg
> @@ -20,6 +20,9 @@ BOOT_FROM spi
>
> #define __ASSEMBLY__
> #include <config.h>
> +#ifdef CONFIG_SECURE_BOOT
> +CSF CONFIG_CSF_SIZE
> +#endif
> #include "asm/arch/mx6-ddr.h"
> #include "asm/arch/iomux.h"
> #include "asm/arch/crm_regs.h"
> diff --git a/include/configs/nitrogen6x.h b/include/configs/nitrogen6x.h
> index b651eb3..3281e42 100644
> --- a/include/configs/nitrogen6x.h
> +++ b/include/configs/nitrogen6x.h
> @@ -35,6 +35,15 @@
> #define CONFIG_SF_DEFAULT_MODE (SPI_MODE_0)
> #endif
>
> +/* Secure boot (HAB) support */
> +#ifdef CONFIG_SECURE_BOOT
> +#define CONFIG_CSF_SIZE 0x2000
> +#define CONFIG_SYS_FSL_SEC_COMPAT 4
> +#define CONFIG_FSL_CAAM
> +#define CONFIG_CMD_DEKBLOB
> +#define CONFIG_SYS_FSL_SEC_LE
> +#endif
> +
I agree with the comment in your cover letter, that this belongs
in a common place.
More information about the U-Boot
mailing list