[U-Boot] [PATCH 1/3] arm: imx-common: add SECURE_BOOT option to Kconfig

Eric Nelson eric at nelint.com
Wed Aug 24 15:13:33 CEST 2016


Hi Gary,

On 08/24/2016 03:12 AM, Gary Bisson wrote:
> Hi Eric, all,
> 
> On Tue, Aug 23, 2016 at 05:24:48PM -0700, Eric Nelson wrote:
>> Nicely done Gary!
>>
>> On 08/23/2016 02:55 PM, Gary Bisson wrote:
>>> So the option can easily be selected through menuconfig.
>>>
>>> Signed-off-by: Gary Bisson <gary.bisson at boundarydevices.com>
>>> ---
>>>  arch/arm/imx-common/Kconfig | 9 +++++++++
>>>  1 file changed, 9 insertions(+)
>>>
>>> diff --git a/arch/arm/imx-common/Kconfig b/arch/arm/imx-common/Kconfig
>>> index 1b7da5a..5ee230e 100644
>>> --- a/arch/arm/imx-common/Kconfig
>>> +++ b/arch/arm/imx-common/Kconfig
>>> @@ -17,3 +17,12 @@ config IMX_BOOTAUX
>>>  	depends on ARCH_MX7 || ARCH_MX6
>>>  	help
>>>  	  bootaux [addr] to boot auxiliary core.
>>> +
>>> +config SECURE_BOOT
>>> +	bool "Support i.MX HAB features"
>>> +	depends on ARCH_MX7 || ARCH_MX6 || ARCH_MX5
>>> +	help
>>> +	  This option enables the support for secure boot (HAB) which
>>> +	  includes adding a CSF section to the final imx image and
>>                    ^^^
>> This doesn't add a CSF section.
>>
>> Perhaps this should say "can enable a conditional section of an
>> i.MX configuration (.cfg) file when producing an imx image".
> 
> Well now that you pointed out this sentence, I realize that it doesn't
> even "add" the section per se, it just declares it in the IVT header.
> It is then up to you to create and concatenate the CSF binary to the
> u-boot.imx image.
> 
> For those not familiar with HAB:
> https://boundarydevices.com/high-assurance-boot-hab-dummies/
> 

Nice!

> Maybe in V2 I should keep it simple and just point to the README:
>
> 	This option enables the support for secure boot (HAB).
> 	See doc/README.mxc_hab for more details.
>

Perfect.

I think most folks only glance at the help while in menuconfig
and README.mxc_hab is a better place for background.

>>> +	  some security-related commands such as 'hab_status'.
>>> +	  See doc/README.mxc_hab for more details.
>>>
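Review bot: In the help text of the new SECURE_BOOT entry, "includes adding a CSF section to the final imx image" reads as if enabling the option yields a signed image, while all this hunk shows is a bool gated on ARCH_MX7 || ARCH_MX6 || ARCH_MX5; nothing here generates or appends a CSF. Suggest reducing the help to a statement that the option enables HAB support plus the pointer to doc/README.mxc_hab, and stating there that signing is a separate step. The symbol name SECURE_BOOT is also generic for an entry whose prompt is "Support i.MX HAB features" and which lives in arch/arm/imx-common/Kconfig, so the prompt and help should keep it clear that this is the HAB-specific option.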
>>
>> You should probably include a note in README.mxc_hab about use
>> in .cfg files.
> 
> Yes that is a good point, will do in V2.
> 
> Regards,
> Gary
> 
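The point made in the thread, that the option only declares the CSF in the IVT header and the CSF binary still has to be created and concatenated, can be checked on a built image. The following is an added example, not part of the thread or of U-Boot: it assumes the IVT sits at file offset 0 (as in u-boot.imx) and uses the HAB v4 IVT layout; the function names, load address and sample images are constructed for illustration.

```python
import struct

IVT_TAG = 0xD1  # HAB tag: Image Vector Table
CSF_TAG = 0xD4  # HAB tag: Command Sequence File
IVT_LEN = 32    # tag/length/version header plus seven 32-bit words


def check_csf(image: bytes) -> str:
    """Report whether the IVT declares a CSF and whether one is in the file."""
    if len(image) < IVT_LEN:
        return "no-ivt"
    # The header is tag (1 byte), length (2 bytes, big-endian), version (1 byte).
    tag, length, _version = struct.unpack_from(">BHB", image, 0)
    if tag != IVT_TAG or length != IVT_LEN:
        return "no-ivt"
    # Pointer words are little-endian absolute load addresses.
    _entry, _r1, _dcd, _boot, self_addr, csf, _r2 = struct.unpack_from("<7I", image, 4)
    if csf == 0:
        return "csf-not-declared"
    off = csf - self_addr  # file offset of the CSF relative to the IVT
    if off < IVT_LEN or off + 4 > len(image) or image[off] != CSF_TAG:
        return "csf-declared-but-missing"
    (csf_len,) = struct.unpack_from(">H", image, off + 1)
    if off + csf_len > len(image):
        return "csf-truncated"
    # A CSF being present says nothing about whether HAB will accept it;
    # only the boot ROM (and 'hab_status' afterwards) can tell you that.
    return "csf-present"


def build_sample(declare_csf: bool, append_csf: bool) -> bytes:
    """Constructed test image: IVT, zero padding, optional 4-byte CSF header."""
    load = 0x17800400  # constructed load address
    body_len = 0x100
    csf_addr = load + body_len if declare_csf else 0
    ivt = struct.pack(">BHB", IVT_TAG, IVT_LEN, 0x40) + struct.pack(
        "<7I", load + 0x40, 0, 0, load + IVT_LEN, load, csf_addr, 0)
    image = ivt.ljust(body_len, b"\x00")
    if append_csf:
        image += struct.pack(">BHB", CSF_TAG, 4, 0x40)
    return image


if __name__ == "__main__":
    for declared, appended in ((False, False), (True, False), (True, True)):
        print(declared, appended, check_csf(build_sample(declared, appended)))
```

The "csf-declared-but-missing" result is the state described in the thread: the IVT points at a CSF that nobody has concatenated yet.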


