[PATCH 2/2] ARM: dts: imx8mm-venice: prepare for dek blob encapsulation

Tim Harvey tharvey at gateworks.com
Thu Dec 14 17:25:43 CET 2023


Prepare for DEK blob encapsulation support through "dek_blob" command.
On ARMv8, U-Boot runs in non-secure, thus cannot encapsulate a DEK blob
for encrypted boot.

The DEK blob is encapsulated by OP-TEE through a trusted application
call. U-Boot sends and receives the DEK and the DEK blob binaries
through OP-TEE dynamic shared memory.

To enable the DEK blob encapsulation, add to the defconfig:
CONFIG_SECURE_BOOT=y
CONFIG_FAT_WRITE=y
CONFIG_CMD_DEKBLOB=y

Taken from NXP's commit 56d2050f4028 ("imx8m: Add DEK blob encapsulation for imx8m").

Signed-off-by: Tim Harvey <tharvey at gateworks.com>
---
 arch/arm/dts/imx8mm-venice-u-boot.dtsi | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/arch/arm/dts/imx8mm-venice-u-boot.dtsi b/arch/arm/dts/imx8mm-venice-u-boot.dtsi
index 8337c4aea807..b232002b8937 100644
--- a/arch/arm/dts/imx8mm-venice-u-boot.dtsi
+++ b/arch/arm/dts/imx8mm-venice-u-boot.dtsi
@@ -11,6 +11,13 @@
 		wdt = <&wdog1>;
 		bootph-pre-ram;
 	};
+
+	firmware {
+		optee {
+			compatible = "linaro,optee-tz";
+			method = "smc";
+		};
+	};
 };
 
 &gpio1 {
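Review bot: The firmware/optee node is added unconditionally to imx8mm-venice-u-boot.dtsi, so every build using this dtsi will describe an SMC-reachable OP-TEE whether or not a TEE is actually packaged in the boot image. The diffstat shows only this dtsi changing, while the commit message leaves CONFIG_SECURE_BOOT, CONFIG_FAT_WRITE and CONFIG_CMD_DEKBLOB for the user to add, so the node and the feature it serves are enabled independently. Please state in the commit message, or in a comment above the node, that OP-TEE has to be present in the firmware image for this node to be valid, and what is expected on images built without it.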
-- 
2.25.1


