[PATCH v6 03/11] ARM: dts: imx8mm-verdin: prepare for dek blob encapsulation
sbabic at denx.de
sbabic at denx.de
Wed Oct 20 16:43:08 CEST 2021
> From: Marcel Ziswiler <marcel.ziswiler at toradex.com>
> Prepare for DEK blob encapsulation support through "dek_blob" command.
> On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob
> for encrypted boot.
> The DEK blob is encapsulated by OP-TEE through a trusted application
> call. U-boot sends and receives the DEK and the DEK blob binaries
> through OP-TEE dynamic shared memory.
> To enable the DEK blob encapsulation, add to the defconfig:
> CONFIG_SECURE_BOOT=y
> CONFIG_FAT_WRITE=y
> CONFIG_CMD_DEKBLOB=y
> Taken from NXP's commit 56d2050f4028 ("imx8m: Add DEK blob encapsulation
> for imx8m").
> Signed-off-by: Marcel Ziswiler <marcel.ziswiler at toradex.com>
> Reviewed-by: Fabio Estevam <festevam at gmail.com>
Applied to u-boot-imx, master, thanks !
Best regards,
Stefano Babic
--
=====================================================================
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sbabic at denx.de
=====================================================================
More information about the U-Boot
mailing list