mirror of
https://github.com/u-boot/u-boot.git
synced 2024-11-24 12:44:23 +08:00
imx: replace CONFIG_SECURE_BOOT with CONFIG_IMX_HAB
CONFIG_SECURE_BOOT is too generic and forbids to use it for cross architecture purposes. If Secure Boot is required for imx, this means to enable and use the HAB processor in the soc. Signed-off-by: Stefano Babic <sbabic@denx.de>
This commit is contained in:
parent
c115cd154c
commit
d714a75fd4
4
Makefile
4
Makefile
@ -830,10 +830,10 @@ ALL-$(CONFIG_RAMBOOT_PBL) += u-boot.pbl
|
||||
endif
|
||||
endif
|
||||
ALL-$(CONFIG_SPL) += spl/u-boot-spl.bin
|
||||
ifeq ($(CONFIG_MX6)$(CONFIG_SECURE_BOOT), yy)
|
||||
ifeq ($(CONFIG_MX6)$(CONFIG_IMX_HAB), yy)
|
||||
ALL-$(CONFIG_SPL_FRAMEWORK) += u-boot-ivt.img
|
||||
else
|
||||
ifeq ($(CONFIG_MX7)$(CONFIG_SECURE_BOOT), yy)
|
||||
ifeq ($(CONFIG_MX7)$(CONFIG_IMX_HAB), yy)
|
||||
ALL-$(CONFIG_SPL_FRAMEWORK) += u-boot-ivt.img
|
||||
else
|
||||
ALL-$(CONFIG_SPL_FRAMEWORK) += u-boot.img
|
||||
|
@ -812,7 +812,7 @@ config ARCH_MX7
|
||||
select ARCH_MISC_INIT
|
||||
select BOARD_EARLY_INIT_F
|
||||
select CPU_V7A
|
||||
select SYS_FSL_HAS_SEC if SECURE_BOOT
|
||||
select SYS_FSL_HAS_SEC if IMX_HAB
|
||||
select SYS_FSL_SEC_COMPAT_4
|
||||
select SYS_FSL_SEC_LE
|
||||
imply MXC_GPIO
|
||||
@ -820,7 +820,7 @@ config ARCH_MX7
|
||||
config ARCH_MX6
|
||||
bool "Freescale MX6"
|
||||
select CPU_V7A
|
||||
select SYS_FSL_HAS_SEC if SECURE_BOOT
|
||||
select SYS_FSL_HAS_SEC if IMX_HAB
|
||||
select SYS_FSL_SEC_COMPAT_4
|
||||
select SYS_FSL_SEC_LE
|
||||
select SYS_THUMB_BUILD if SPL
|
||||
|
@ -357,7 +357,7 @@ int set_clk_nand(void);
|
||||
void enable_ocotp_clk(unsigned char enable);
|
||||
#endif
|
||||
void enable_usboh3_clk(unsigned char enable);
|
||||
#ifdef CONFIG_SECURE_BOOT
|
||||
#ifdef CONFIG_IMX_HAB
|
||||
void hab_caam_clock_enable(unsigned char enable);
|
||||
#endif
|
||||
void mxs_set_lcdclk(uint32_t base_addr, uint32_t freq);
|
||||
|
@ -130,7 +130,7 @@ struct imx_sec_config_fuse_t {
|
||||
int word;
|
||||
};
|
||||
|
||||
#if defined(CONFIG_SECURE_BOOT)
|
||||
#if defined(CONFIG_IMX_HAB)
|
||||
extern struct imx_sec_config_fuse_t const imx_sec_config_fuse;
|
||||
#endif
|
||||
|
||||
|
@ -34,7 +34,7 @@ config USE_IMXIMG_PLUGIN
|
||||
i.MX6/7 supports DCD and Plugin. Enable this configuration
|
||||
to use Plugin, otherwise DCD will be used.
|
||||
|
||||
config SECURE_BOOT
|
||||
config IMX_HAB
|
||||
bool "Support i.MX HAB features"
|
||||
depends on ARCH_MX7 || ARCH_MX6 || ARCH_MX5
|
||||
select FSL_CAAM if HAS_CAAM
|
||||
|
@ -44,12 +44,12 @@ ifneq ($(CONFIG_SPL_BUILD),y)
|
||||
obj-$(CONFIG_IMX_BOOTAUX) += imx_bootaux.o
|
||||
endif
|
||||
obj-$(CONFIG_SATA) += sata.o
|
||||
obj-$(CONFIG_SECURE_BOOT) += hab.o
|
||||
obj-$(CONFIG_IMX_HAB) += hab.o
|
||||
obj-$(CONFIG_SYSCOUNTER_TIMER) += syscounter.o
|
||||
endif
|
||||
ifeq ($(SOC),$(filter $(SOC),mx7ulp))
|
||||
obj-y += cache.o
|
||||
obj-$(CONFIG_SECURE_BOOT) += hab.o
|
||||
obj-$(CONFIG_IMX_HAB) += hab.o
|
||||
endif
|
||||
ifeq ($(SOC),$(filter $(SOC),vf610))
|
||||
obj-y += ddrmc-vf610.o
|
||||
|
@ -22,7 +22,7 @@
|
||||
|
||||
DECLARE_GLOBAL_DATA_PTR;
|
||||
|
||||
#if defined(CONFIG_SECURE_BOOT)
|
||||
#if defined(CONFIG_IMX_HAB)
|
||||
struct imx_sec_config_fuse_t const imx_sec_config_fuse = {
|
||||
.bank = 1,
|
||||
.word = 3,
|
||||
|
@ -1152,7 +1152,7 @@ int enable_pcie_clock(void)
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_SECURE_BOOT
|
||||
#ifdef CONFIG_IMX_HAB
|
||||
void hab_caam_clock_enable(unsigned char enable)
|
||||
{
|
||||
u32 reg;
|
||||
|
@ -50,7 +50,7 @@ U_BOOT_DEVICE(imx6_thermal) = {
|
||||
};
|
||||
#endif
|
||||
|
||||
#if defined(CONFIG_SECURE_BOOT)
|
||||
#if defined(CONFIG_IMX_HAB)
|
||||
struct imx_sec_config_fuse_t const imx_sec_config_fuse = {
|
||||
.bank = 0,
|
||||
.word = 6,
|
||||
|
@ -1074,7 +1074,7 @@ void clock_init(void)
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef CONFIG_SECURE_BOOT
|
||||
#ifdef CONFIG_IMX_HAB
|
||||
void hab_caam_clock_enable(unsigned char enable)
|
||||
{
|
||||
if (enable)
|
||||
|
@ -122,7 +122,7 @@ static void isolate_resource(void)
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(CONFIG_SECURE_BOOT)
|
||||
#if defined(CONFIG_IMX_HAB)
|
||||
struct imx_sec_config_fuse_t const imx_sec_config_fuse = {
|
||||
.bank = 1,
|
||||
.word = 3,
|
||||
|
@ -314,7 +314,7 @@ void clock_init(void)
|
||||
enable_usboh3_clk(1);
|
||||
}
|
||||
|
||||
#ifdef CONFIG_SECURE_BOOT
|
||||
#ifdef CONFIG_IMX_HAB
|
||||
void hab_caam_clock_enable(unsigned char enable)
|
||||
{
|
||||
if (enable)
|
||||
|
@ -11,7 +11,7 @@
|
||||
|
||||
static char *get_reset_cause(char *);
|
||||
|
||||
#if defined(CONFIG_SECURE_BOOT)
|
||||
#if defined(CONFIG_IMX_HAB)
|
||||
struct imx_sec_config_fuse_t const imx_sec_config_fuse = {
|
||||
.bank = 29,
|
||||
.word = 6,
|
||||
|
@ -222,7 +222,7 @@ u32 spl_boot_mode(const u32 boot_device)
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(CONFIG_SECURE_BOOT)
|
||||
#if defined(CONFIG_IMX_HAB)
|
||||
|
||||
/*
|
||||
* +------------+ 0x0 (DDR_UIMAGE_START) -
|
||||
|
@ -12,6 +12,6 @@ BOOT_FROM sd
|
||||
/*
|
||||
* Secure boot support
|
||||
*/
|
||||
#ifdef CONFIG_SECURE_BOOT
|
||||
#ifdef CONFIG_IMX_HAB
|
||||
CSF CONFIG_CSF_SIZE
|
||||
#endif
|
||||
|
@ -19,7 +19,7 @@ BOOT_FROM spi
|
||||
|
||||
#define __ASSEMBLY__
|
||||
#include <config.h>
|
||||
#ifdef CONFIG_SECURE_BOOT
|
||||
#ifdef CONFIG_IMX_HAB
|
||||
CSF CONFIG_CSF_SIZE
|
||||
#endif
|
||||
#include "asm/arch/mx6-ddr.h"
|
||||
|
@ -19,7 +19,7 @@ BOOT_FROM spi
|
||||
|
||||
#define __ASSEMBLY__
|
||||
#include <config.h>
|
||||
#ifdef CONFIG_SECURE_BOOT
|
||||
#ifdef CONFIG_IMX_HAB
|
||||
CSF CONFIG_CSF_SIZE
|
||||
#endif
|
||||
#include "asm/arch/mx6-ddr.h"
|
||||
|
@ -19,7 +19,7 @@ BOOT_FROM spi
|
||||
|
||||
#define __ASSEMBLY__
|
||||
#include <config.h>
|
||||
#ifdef CONFIG_SECURE_BOOT
|
||||
#ifdef CONFIG_IMX_HAB
|
||||
CSF CONFIG_CSF_SIZE
|
||||
#endif
|
||||
#include "asm/arch/mx6-ddr.h"
|
||||
|
@ -19,7 +19,7 @@ BOOT_FROM spi
|
||||
|
||||
#define __ASSEMBLY__
|
||||
#include <config.h>
|
||||
#ifdef CONFIG_SECURE_BOOT
|
||||
#ifdef CONFIG_IMX_HAB
|
||||
CSF CONFIG_CSF_SIZE
|
||||
#endif
|
||||
#include "asm/arch/mx6-ddr.h"
|
||||
|
@ -19,7 +19,7 @@ BOOT_FROM spi
|
||||
|
||||
#define __ASSEMBLY__
|
||||
#include <config.h>
|
||||
#ifdef CONFIG_SECURE_BOOT
|
||||
#ifdef CONFIG_IMX_HAB
|
||||
CSF CONFIG_CSF_SIZE
|
||||
#endif
|
||||
#include "asm/arch/mx6-ddr.h"
|
||||
|
@ -19,7 +19,7 @@ BOOT_FROM spi
|
||||
|
||||
#define __ASSEMBLY__
|
||||
#include <config.h>
|
||||
#ifdef CONFIG_SECURE_BOOT
|
||||
#ifdef CONFIG_IMX_HAB
|
||||
CSF CONFIG_CSF_SIZE
|
||||
#endif
|
||||
#include "asm/arch/mx6-ddr.h"
|
||||
|
@ -24,7 +24,7 @@ BOOT_FROM sd
|
||||
/*
|
||||
* Secure boot support
|
||||
*/
|
||||
#ifdef CONFIG_SECURE_BOOT
|
||||
#ifdef CONFIG_IMX_HAB
|
||||
CSF CONFIG_CSF_SIZE
|
||||
#endif
|
||||
|
||||
|
@ -27,7 +27,7 @@ BOOT_FROM sd
|
||||
PLUGIN board/freescale/mx6sllevk/plugin.bin 0x00907000
|
||||
#else
|
||||
|
||||
#ifdef CONFIG_SECURE_BOOT
|
||||
#ifdef CONFIG_IMX_HAB
|
||||
CSF CONFIG_CSF_SIZE
|
||||
#endif
|
||||
|
||||
|
@ -20,7 +20,7 @@ BOOT_FROM sd
|
||||
/*
|
||||
* Secure boot support
|
||||
*/
|
||||
#ifdef CONFIG_SECURE_BOOT
|
||||
#ifdef CONFIG_IMX_HAB
|
||||
CSF CONFIG_CSF_SIZE
|
||||
#endif
|
||||
|
||||
|
@ -33,7 +33,7 @@ BOOT_FROM sd
|
||||
PLUGIN board/freescale/mx6ullevk/plugin.bin 0x00907000
|
||||
#else
|
||||
|
||||
#ifdef CONFIG_SECURE_BOOT
|
||||
#ifdef CONFIG_IMX_HAB
|
||||
CSF CONFIG_CSF_SIZE
|
||||
#endif
|
||||
|
||||
|
@ -24,7 +24,7 @@ BOOT_FROM sd
|
||||
/*
|
||||
* Secure boot support
|
||||
*/
|
||||
#ifdef CONFIG_SECURE_BOOT
|
||||
#ifdef CONFIG_IMX_HAB
|
||||
CSF CONFIG_CSF_SIZE
|
||||
#endif
|
||||
|
||||
|
@ -27,7 +27,7 @@ BOOT_FROM sd
|
||||
PLUGIN board/freescale/mx7ulp_evk/plugin.bin 0x2F020000
|
||||
#else
|
||||
|
||||
#ifdef CONFIG_SECURE_BOOT
|
||||
#ifdef CONFIG_IMX_HAB
|
||||
CSF CONFIG_CSF_SIZE
|
||||
#endif
|
||||
/*
|
||||
|
@ -25,7 +25,7 @@ BOOT_FROM nand
|
||||
/*
|
||||
* Secure boot support
|
||||
*/
|
||||
#ifdef CONFIG_SECURE_BOOT
|
||||
#ifdef CONFIG_IMX_HAB
|
||||
CSF CONFIG_CSF_SIZE
|
||||
#endif
|
||||
|
||||
|
@ -25,7 +25,7 @@ BOOT_FROM sd
|
||||
/*
|
||||
* Secure boot support
|
||||
*/
|
||||
#ifdef CONFIG_SECURE_BOOT
|
||||
#ifdef CONFIG_IMX_HAB
|
||||
CSF CONFIG_CSF_SIZE
|
||||
#endif
|
||||
|
||||
|
@ -24,7 +24,7 @@ BOOT_FROM sd
|
||||
/*
|
||||
* Secure boot support
|
||||
*/
|
||||
#ifdef CONFIG_SECURE_BOOT
|
||||
#ifdef CONFIG__IMX_HAB
|
||||
CSF CONFIG_CSF_SIZE
|
||||
#endif
|
||||
|
||||
|
@ -12,7 +12,7 @@
|
||||
#include <config.h>
|
||||
|
||||
IMAGE_VERSION 2
|
||||
#ifdef CONFIG_SECURE_BOOT
|
||||
#ifdef CONFIG_IMX_HAB
|
||||
CSF CONFIG_CSF_SIZE
|
||||
#endif
|
||||
|
||||
|
@ -146,7 +146,7 @@ int board_late_init(void)
|
||||
*/
|
||||
clrsetbits_le16(&wdog->wcr, 0, 0x10);
|
||||
|
||||
#ifdef CONFIG_SECURE_BOOT
|
||||
#ifdef CONFIG_IMX_HAB
|
||||
/* Determine HAB state */
|
||||
env_set_ulong(HAB_ENABLED_ENVNAME, imx_hab_is_enabled());
|
||||
#else
|
||||
|
@ -553,7 +553,7 @@ int spl_load_simple_fit(struct spl_image_info *spl_image,
|
||||
|
||||
spl_image->flags |= SPL_FIT_FOUND;
|
||||
|
||||
#ifdef CONFIG_SECURE_BOOT
|
||||
#ifdef CONFIG_IMX_HAB
|
||||
board_spl_fit_post_load((ulong)fit, size);
|
||||
#endif
|
||||
|
||||
|
@ -2,7 +2,7 @@ CONFIG_ARM=y
|
||||
CONFIG_SYS_THUMB_BUILD=y
|
||||
CONFIG_ARCH_MX7=y
|
||||
CONFIG_SYS_TEXT_BASE=0x87800000
|
||||
CONFIG_SECURE_BOOT=y
|
||||
CONFIG_IMX_HAB=y
|
||||
CONFIG_TARGET_COLIBRI_IMX7=y
|
||||
CONFIG_NR_DRAM_BANKS=1
|
||||
CONFIG_IMX_RDC=y
|
||||
|
@ -2,7 +2,7 @@ CONFIG_ARM=y
|
||||
CONFIG_SYS_THUMB_BUILD=y
|
||||
CONFIG_ARCH_MX7=y
|
||||
CONFIG_SYS_TEXT_BASE=0x87800000
|
||||
CONFIG_SECURE_BOOT=y
|
||||
CONFIG_IMX_HAB=y
|
||||
CONFIG_TARGET_COLIBRI_IMX7=y
|
||||
CONFIG_TARGET_COLIBRI_IMX7_EMMC=y
|
||||
CONFIG_ARMV7_BOOT_SEC_DEFAULT=y
|
||||
|
@ -1,7 +1,7 @@
|
||||
CONFIG_ARM=y
|
||||
CONFIG_ARCH_MX6=y
|
||||
CONFIG_SYS_TEXT_BASE=0x17800000
|
||||
CONFIG_SECURE_BOOT=y
|
||||
CONFIG_IMX_HAB=y
|
||||
CONFIG_TARGET_MX6DL_MAMOJ=y
|
||||
CONFIG_NR_DRAM_BANKS=1
|
||||
CONFIG_CSF_SIZE=0x2060
|
||||
|
@ -1,7 +1,7 @@
|
||||
CONFIG_ARM=y
|
||||
CONFIG_ARCH_MX7=y
|
||||
CONFIG_SYS_TEXT_BASE=0x87800000
|
||||
CONFIG_SECURE_BOOT=y
|
||||
CONFIG_IMX_HAB=y
|
||||
CONFIG_TARGET_WARP7=y
|
||||
CONFIG_ARMV7_BOOT_SEC_DEFAULT=y
|
||||
CONFIG_FIT=y
|
||||
|
@ -1,7 +1,7 @@
|
||||
CONFIG_ARM=y
|
||||
CONFIG_ARCH_MX7=y
|
||||
CONFIG_SYS_TEXT_BASE=0x87800000
|
||||
CONFIG_SECURE_BOOT=y
|
||||
CONFIG_IMX_HAB=y
|
||||
CONFIG_TARGET_WARP7=y
|
||||
CONFIG_NR_DRAM_BANKS=1
|
||||
CONFIG_ARMV7_BOOT_SEC_DEFAULT=y
|
||||
|
@ -16,7 +16,7 @@ The DEK blob is generated by an authenticated U-Boot image with
|
||||
the dek_blob cmd enabled. The image used for DEK blob generation
|
||||
needs to have the following configurations enabled in Kconfig:
|
||||
|
||||
CONFIG_SECURE_BOOT=y
|
||||
CONFIG_IMX_HAB=y
|
||||
CONFIG_CMD_DEKBLOB=y
|
||||
|
||||
Note: The encrypted boot feature is only supported by HABv4 or
|
||||
|
@ -17,7 +17,7 @@ introduction_habv4.txt document.
|
||||
|
||||
The U-Boot provides support to secure boot configuration and also provide
|
||||
access to the HAB APIs exposed by the ROM vector table, the support is
|
||||
enabled by selecting the CONFIG_SECURE_BOOT option.
|
||||
enabled by selecting the CONFIG_IMX_HAB option.
|
||||
|
||||
When built with this configuration, the U-Boot provides extra functions for
|
||||
HAB, such as the HAB status logs retrievement through the hab_status command
|
||||
@ -57,12 +57,12 @@ The diagram below illustrate a signed u-boot-dtb.imx image layout:
|
||||
-------------------------------------
|
||||
|
||||
The first step is to generate an U-Boot image supporting the HAB features
|
||||
mentioned above, this can be achieved by adding CONFIG_SECURE_BOOT to the
|
||||
mentioned above, this can be achieved by adding CONFIG_IMX_HAB to the
|
||||
build configuration:
|
||||
|
||||
- Defconfig:
|
||||
|
||||
CONFIG_SECURE_BOOT=y
|
||||
CONFIG_IMX_HAB=y
|
||||
|
||||
- Kconfig:
|
||||
|
||||
|
@ -27,7 +27,7 @@ root of trust.
|
||||
|
||||
The U-Boot provides support to secure boot configuration and also provide
|
||||
access to the HAB APIs exposed by the ROM vector table, the support is
|
||||
enabled by selecting the CONFIG_SECURE_BOOT option.
|
||||
enabled by selecting the CONFIG_IMX_HAB option.
|
||||
|
||||
When built with this configuration the U-Boot correctly pads the final SPL
|
||||
image by aligning to the next 0xC00 address, so the CSF signature data
|
||||
@ -82,12 +82,12 @@ The diagram below illustrate a signed u-boot-ivt.img image layout:
|
||||
-------------------------------------
|
||||
|
||||
The first step is to generate an U-Boot image supporting the HAB features
|
||||
mentioned above, this can be achieved by adding CONFIG_SECURE_BOOT to the
|
||||
mentioned above, this can be achieved by adding CONFIG_IMX_HAB to the
|
||||
build configuration:
|
||||
|
||||
- Defconfig:
|
||||
|
||||
CONFIG_SECURE_BOOT=y
|
||||
CONFIG_IMX_HAB=y
|
||||
|
||||
- Kconfig:
|
||||
|
||||
|
@ -14,7 +14,7 @@ int main(int argc, char *argv[])
|
||||
|
||||
#ifdef CONFIG_SPL_SIZE_LIMIT
|
||||
spl_size_limit = CONFIG_SPL_SIZE_LIMIT;
|
||||
#if defined(CONFIG_SECURE_BOOT) && defined(CONFIG_CSF_SIZE)
|
||||
#if defined(CONFIG_IMX_HAB) && defined(CONFIG_CSF_SIZE)
|
||||
spl_size_limit -= CONFIG_CSF_SIZE;
|
||||
#endif
|
||||
#ifdef CONFIG_SPL_SIZE_LIMIT_SUBTRACT_GD
|
||||
|
Loading…
Reference in New Issue
Block a user