[U-Boot] [PATCH 1/3] arm: imx-common: add SECURE_BOOT option to Kconfig

Gary Bisson gary.bisson at boundarydevices.com
Wed Aug 24 12:12:37 CEST 2016


Hi Eric, all,

On Tue, Aug 23, 2016 at 05:24:48PM -0700, Eric Nelson wrote:
> Nicely done Gary!
> 
> On 08/23/2016 02:55 PM, Gary Bisson wrote:
> > So the option can easily be selected through menuconfig.
> > 
> > Signed-off-by: Gary Bisson <gary.bisson at boundarydevices.com>
> > ---
> >  arch/arm/imx-common/Kconfig | 9 +++++++++
> >  1 file changed, 9 insertions(+)
> > 
> > diff --git a/arch/arm/imx-common/Kconfig b/arch/arm/imx-common/Kconfig
> > index 1b7da5a..5ee230e 100644
> > --- a/arch/arm/imx-common/Kconfig
> > +++ b/arch/arm/imx-common/Kconfig
> > @@ -17,3 +17,12 @@ config IMX_BOOTAUX
> >  	depends on ARCH_MX7 || ARCH_MX6
> >  	help
> >  	  bootaux [addr] to boot auxiliary core.
> > +
> > +config SECURE_BOOT
> > +	bool "Support i.MX HAB features"
> > +	depends on ARCH_MX7 || ARCH_MX6 || ARCH_MX5
> > +	help
> > +	  This option enables the support for secure boot (HAB) which
> > +	  includes adding a CSF section to the final imx image and
>                    ^^^
> This doesn't add a CSF section.
> 
> Perhaps this should say "can enable a conditional section of an
> i.MX configuration (.cfg) file when producing an imx image".

Well now that you pointed out this sentence, I realize that it doesn't
even "add" the section per say, it just declares it in the IVT header.
It is then up to you to create and concatenate the CSF binary to the
u-boot.imx image.

For those not familiar with HAB:
https://boundarydevices.com/high-assurance-boot-hab-dummies/

Maybe in V2 I should keep it simple and just point to the README:
This option enables the support for secure boot (HAB).
See doc/README.mxc_hab for more details.

> > +	  some security-related commands such as 'hab_status'.
> > +	  See doc/README.mxc_hab for more details.
> > 
> 
> You should probably include a note in README.mxc_hab about use
> in .cfg files.

Yes that is a good point, will do in V2.

Regards,
Gary


More information about the U-Boot mailing list