Message ID | 1471989321-25280-4-git-send-email-gary.bisson@boundarydevices.com |
---|---|
State | Superseded |
Delegated to: | Stefano Babic |
Hi Gary, On 08/23/2016 02:55 PM, Gary Bisson wrote: > Selecting the proper options to enable the build of the HAB tools. > > Also adding a CSF section to the imx final image so it can contain > the signature information. > > Note, this support is disabled by default, one will have to select > the SECURE_BOOT configuration through menuconfig to enable it. > > Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com> > --- > board/boundary/nitrogen6x/nitrogen6dl.cfg | 3 +++ > board/boundary/nitrogen6x/nitrogen6dl2g.cfg | 3 +++ > board/boundary/nitrogen6x/nitrogen6q.cfg | 3 +++ > board/boundary/nitrogen6x/nitrogen6q2g.cfg | 3 +++ > board/boundary/nitrogen6x/nitrogen6s.cfg | 3 +++ > board/boundary/nitrogen6x/nitrogen6s1g.cfg | 3 +++ > include/configs/nitrogen6x.h | 9 +++++++++ > 7 files changed, 27 insertions(+) > > diff --git a/board/boundary/nitrogen6x/nitrogen6dl.cfg b/board/boundary/nitrogen6x/nitrogen6dl.cfg > index 1cdccad..5c3e961 100644 > --- a/board/boundary/nitrogen6x/nitrogen6dl.cfg > +++ b/board/boundary/nitrogen6x/nitrogen6dl.cfg > @@ -20,6 +20,9 @@ BOOT_FROM spi > > #define __ASSEMBLY__ > #include <config.h> > +#ifdef CONFIG_SECURE_BOOT > +CSF CONFIG_CSF_SIZE > +#endif > #include "asm/arch/mx6-ddr.h" > #include "asm/arch/iomux.h" > #include "asm/arch/crm_regs.h" > diff --git a/board/boundary/nitrogen6x/nitrogen6dl2g.cfg b/board/boundary/nitrogen6x/nitrogen6dl2g.cfg > index 516d67e..fe19ed0 100644 > --- a/board/boundary/nitrogen6x/nitrogen6dl2g.cfg > +++ b/board/boundary/nitrogen6x/nitrogen6dl2g.cfg > @@ -20,6 +20,9 @@ BOOT_FROM spi > > #define __ASSEMBLY__ > #include <config.h> > +#ifdef CONFIG_SECURE_BOOT > +CSF CONFIG_CSF_SIZE > +#endif > #include "asm/arch/mx6-ddr.h" > #include "asm/arch/iomux.h" > #include "asm/arch/crm_regs.h" > diff --git a/board/boundary/nitrogen6x/nitrogen6q.cfg b/board/boundary/nitrogen6x/nitrogen6q.cfg > index b6642e6..60e1885 100644 > --- a/board/boundary/nitrogen6x/nitrogen6q.cfg 
> +++ b/board/boundary/nitrogen6x/nitrogen6q.cfg > @@ -20,6 +20,9 @@ BOOT_FROM spi > > #define __ASSEMBLY__ > #include <config.h> > +#ifdef CONFIG_SECURE_BOOT > +CSF CONFIG_CSF_SIZE > +#endif > #include "asm/arch/mx6-ddr.h" > #include "asm/arch/iomux.h" > #include "asm/arch/crm_regs.h" > diff --git a/board/boundary/nitrogen6x/nitrogen6q2g.cfg b/board/boundary/nitrogen6x/nitrogen6q2g.cfg > index fe6dfc1..7a3ee94 100644 > --- a/board/boundary/nitrogen6x/nitrogen6q2g.cfg > +++ b/board/boundary/nitrogen6x/nitrogen6q2g.cfg > @@ -20,6 +20,9 @@ BOOT_FROM spi > > #define __ASSEMBLY__ > #include <config.h> > +#ifdef CONFIG_SECURE_BOOT > +CSF CONFIG_CSF_SIZE > +#endif > #include "asm/arch/mx6-ddr.h" > #include "asm/arch/iomux.h" > #include "asm/arch/crm_regs.h" > diff --git a/board/boundary/nitrogen6x/nitrogen6s.cfg b/board/boundary/nitrogen6x/nitrogen6s.cfg > index ca30cd6..2540b7b 100644 > --- a/board/boundary/nitrogen6x/nitrogen6s.cfg > +++ b/board/boundary/nitrogen6x/nitrogen6s.cfg > @@ -20,6 +20,9 @@ BOOT_FROM spi > > #define __ASSEMBLY__ > #include <config.h> > +#ifdef CONFIG_SECURE_BOOT > +CSF CONFIG_CSF_SIZE > +#endif > #include "asm/arch/mx6-ddr.h" > #include "asm/arch/iomux.h" > #include "asm/arch/crm_regs.h" > diff --git a/board/boundary/nitrogen6x/nitrogen6s1g.cfg b/board/boundary/nitrogen6x/nitrogen6s1g.cfg > index b1489fb..946af7b 100644 > --- a/board/boundary/nitrogen6x/nitrogen6s1g.cfg > +++ b/board/boundary/nitrogen6x/nitrogen6s1g.cfg > @@ -20,6 +20,9 @@ BOOT_FROM spi > > #define __ASSEMBLY__ > #include <config.h> > +#ifdef CONFIG_SECURE_BOOT > +CSF CONFIG_CSF_SIZE > +#endif > #include "asm/arch/mx6-ddr.h" > #include "asm/arch/iomux.h" > #include "asm/arch/crm_regs.h" > diff --git a/include/configs/nitrogen6x.h b/include/configs/nitrogen6x.h > index b651eb3..3281e42 100644 > --- a/include/configs/nitrogen6x.h > +++ b/include/configs/nitrogen6x.h 
> @@ -35,6 +35,15 @@ > #define CONFIG_SF_DEFAULT_MODE (SPI_MODE_0) > #endif > > +/* Secure boot (HAB) support */ > +#ifdef CONFIG_SECURE_BOOT > +#define CONFIG_CSF_SIZE 0x2000 > +#define CONFIG_SYS_FSL_SEC_COMPAT 4 > +#define CONFIG_FSL_CAAM > +#define CONFIG_CMD_DEKBLOB > +#define CONFIG_SYS_FSL_SEC_LE > +#endif > + I agree with the comment in your cover letter, that this belongs in a common place.
Hi Eric, all, On Tue, Aug 23, 2016 at 05:35:14PM -0700, Eric Nelson wrote: > Hi Gary, > > On 08/23/2016 02:55 PM, Gary Bisson wrote: > > Selecting the proper options to enable the build of the HAB tools. > > > > Also adding a CSF section to the imx final image so it can contain > > the signature information. > > > > Note, this support is disabled by default, one will have to select > > the SECURE_BOOT configuration through menuconfig to enable it. > > > > Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com> > > --- > > board/boundary/nitrogen6x/nitrogen6dl.cfg | 3 +++ > > board/boundary/nitrogen6x/nitrogen6dl2g.cfg | 3 +++ > > board/boundary/nitrogen6x/nitrogen6q.cfg | 3 +++ > > board/boundary/nitrogen6x/nitrogen6q2g.cfg | 3 +++ > > board/boundary/nitrogen6x/nitrogen6s.cfg | 3 +++ > > board/boundary/nitrogen6x/nitrogen6s1g.cfg | 3 +++ > > include/configs/nitrogen6x.h | 9 +++++++++ > > 7 files changed, 27 insertions(+) > > > > diff --git a/board/boundary/nitrogen6x/nitrogen6dl.cfg b/board/boundary/nitrogen6x/nitrogen6dl.cfg > > index 1cdccad..5c3e961 100644 > > --- a/board/boundary/nitrogen6x/nitrogen6dl.cfg > > +++ b/board/boundary/nitrogen6x/nitrogen6dl.cfg > > @@ -20,6 +20,9 @@ BOOT_FROM spi > > > > #define __ASSEMBLY__ > > #include <config.h> > > +#ifdef CONFIG_SECURE_BOOT > > +CSF CONFIG_CSF_SIZE > > +#endif > > #include "asm/arch/mx6-ddr.h" > > #include "asm/arch/iomux.h" > > #include "asm/arch/crm_regs.h" > > diff --git a/board/boundary/nitrogen6x/nitrogen6dl2g.cfg b/board/boundary/nitrogen6x/nitrogen6dl2g.cfg > > index 516d67e..fe19ed0 100644 > > --- a/board/boundary/nitrogen6x/nitrogen6dl2g.cfg > > +++ b/board/boundary/nitrogen6x/nitrogen6dl2g.cfg > > @@ -20,6 +20,9 @@ BOOT_FROM spi > > > > #define __ASSEMBLY__ > > #include <config.h> > > +#ifdef CONFIG_SECURE_BOOT > > +CSF CONFIG_CSF_SIZE > > +#endif > > #include "asm/arch/mx6-ddr.h" > > #include "asm/arch/iomux.h" > > #include "asm/arch/crm_regs.h" 
> > diff --git a/board/boundary/nitrogen6x/nitrogen6q.cfg b/board/boundary/nitrogen6x/nitrogen6q.cfg > > index b6642e6..60e1885 100644 > > --- a/board/boundary/nitrogen6x/nitrogen6q.cfg > > +++ b/board/boundary/nitrogen6x/nitrogen6q.cfg > > @@ -20,6 +20,9 @@ BOOT_FROM spi > > > > #define __ASSEMBLY__ > > #include <config.h> > > +#ifdef CONFIG_SECURE_BOOT > > +CSF CONFIG_CSF_SIZE > > +#endif > > #include "asm/arch/mx6-ddr.h" > > #include "asm/arch/iomux.h" > > #include "asm/arch/crm_regs.h" > > diff --git a/board/boundary/nitrogen6x/nitrogen6q2g.cfg b/board/boundary/nitrogen6x/nitrogen6q2g.cfg > > index fe6dfc1..7a3ee94 100644 > > --- a/board/boundary/nitrogen6x/nitrogen6q2g.cfg > > +++ b/board/boundary/nitrogen6x/nitrogen6q2g.cfg > > @@ -20,6 +20,9 @@ BOOT_FROM spi > > > > #define __ASSEMBLY__ > > #include <config.h> > > +#ifdef CONFIG_SECURE_BOOT > > +CSF CONFIG_CSF_SIZE > > +#endif > > #include "asm/arch/mx6-ddr.h" > > #include "asm/arch/iomux.h" > > #include "asm/arch/crm_regs.h" > > diff --git a/board/boundary/nitrogen6x/nitrogen6s.cfg b/board/boundary/nitrogen6x/nitrogen6s.cfg > > index ca30cd6..2540b7b 100644 > > --- a/board/boundary/nitrogen6x/nitrogen6s.cfg > > +++ b/board/boundary/nitrogen6x/nitrogen6s.cfg > > @@ -20,6 +20,9 @@ BOOT_FROM spi > > > > #define __ASSEMBLY__ > > #include <config.h> > > +#ifdef CONFIG_SECURE_BOOT > > +CSF CONFIG_CSF_SIZE > > +#endif > > #include "asm/arch/mx6-ddr.h" > > #include "asm/arch/iomux.h" > > #include "asm/arch/crm_regs.h" > > diff --git a/board/boundary/nitrogen6x/nitrogen6s1g.cfg b/board/boundary/nitrogen6x/nitrogen6s1g.cfg > > index b1489fb..946af7b 100644 > > --- a/board/boundary/nitrogen6x/nitrogen6s1g.cfg > > +++ b/board/boundary/nitrogen6x/nitrogen6s1g.cfg > > @@ -20,6 +20,9 @@ BOOT_FROM spi > > > > #define __ASSEMBLY__ > > #include <config.h> > > +#ifdef CONFIG_SECURE_BOOT > > +CSF CONFIG_CSF_SIZE > > +#endif > > #include "asm/arch/mx6-ddr.h" > > #include "asm/arch/iomux.h" > > #include "asm/arch/crm_regs.h" 
> > diff --git a/include/configs/nitrogen6x.h b/include/configs/nitrogen6x.h > > index b651eb3..3281e42 100644 > > --- a/include/configs/nitrogen6x.h > > +++ b/include/configs/nitrogen6x.h > > @@ -35,6 +35,15 @@ > > #define CONFIG_SF_DEFAULT_MODE (SPI_MODE_0) > > #endif > > > > +/* Secure boot (HAB) support */ > > +#ifdef CONFIG_SECURE_BOOT > > +#define CONFIG_CSF_SIZE 0x2000 > > +#define CONFIG_SYS_FSL_SEC_COMPAT 4 > > +#define CONFIG_FSL_CAAM > > +#define CONFIG_CMD_DEKBLOB > > +#define CONFIG_SYS_FSL_SEC_LE > > +#endif > > + > > I agree with the comment in your cover letter, that this belongs > in a common place. Does Fabio agree with that? Also, should we differentiate the options needed for signature only (SECURE_BOOT and CSF_SIZE) from the others that are only useful when encryption is needed? Regards, Gary
Hi Gary, On Wed, Aug 24, 2016 at 7:17 AM, Gary Bisson <gary.bisson@boundarydevices.com> wrote: >> I agree with the comment in your cover letter, that this belongs >> in a common place. > > Does Fabio agree with that? Also, should we differenciate the options What about placing the options below: +/* Secure boot (HAB) support */ +#ifdef CONFIG_SECURE_BOOT +#define CONFIG_CSF_SIZE 0x2000 +#define CONFIG_SYS_FSL_SEC_COMPAT 4 +#define CONFIG_FSL_CAAM +#define CONFIG_CMD_DEKBLOB +#define CONFIG_SYS_FSL_SEC_LE +#endif ,into include/configs/mx6_common.h ? Thanks
diff --git a/board/boundary/nitrogen6x/nitrogen6dl.cfg b/board/boundary/nitrogen6x/nitrogen6dl.cfg
index 1cdccad..5c3e961 100644
--- a/board/boundary/nitrogen6x/nitrogen6dl.cfg
+++ b/board/boundary/nitrogen6x/nitrogen6dl.cfg
@@ -20,6 +20,9 @@ BOOT_FROM spi
 
 #define __ASSEMBLY__
 #include <config.h>
+#ifdef CONFIG_SECURE_BOOT
+CSF CONFIG_CSF_SIZE
+#endif
 #include "asm/arch/mx6-ddr.h"
 #include "asm/arch/iomux.h"
 #include "asm/arch/crm_regs.h"
diff --git a/board/boundary/nitrogen6x/nitrogen6dl2g.cfg b/board/boundary/nitrogen6x/nitrogen6dl2g.cfg
index 516d67e..fe19ed0 100644
--- a/board/boundary/nitrogen6x/nitrogen6dl2g.cfg
+++ b/board/boundary/nitrogen6x/nitrogen6dl2g.cfg
@@ -20,6 +20,9 @@ BOOT_FROM spi
 
 #define __ASSEMBLY__
 #include <config.h>
+#ifdef CONFIG_SECURE_BOOT
+CSF CONFIG_CSF_SIZE
+#endif
 #include "asm/arch/mx6-ddr.h"
 #include "asm/arch/iomux.h"
 #include "asm/arch/crm_regs.h"
diff --git a/board/boundary/nitrogen6x/nitrogen6q.cfg b/board/boundary/nitrogen6x/nitrogen6q.cfg
index b6642e6..60e1885 100644
--- a/board/boundary/nitrogen6x/nitrogen6q.cfg
+++ b/board/boundary/nitrogen6x/nitrogen6q.cfg
@@ -20,6 +20,9 @@ BOOT_FROM spi
 
 #define __ASSEMBLY__
 #include <config.h>
+#ifdef CONFIG_SECURE_BOOT
+CSF CONFIG_CSF_SIZE
+#endif
 #include "asm/arch/mx6-ddr.h"
 #include "asm/arch/iomux.h"
 #include "asm/arch/crm_regs.h"
diff --git a/board/boundary/nitrogen6x/nitrogen6q2g.cfg b/board/boundary/nitrogen6x/nitrogen6q2g.cfg
index fe6dfc1..7a3ee94 100644
--- a/board/boundary/nitrogen6x/nitrogen6q2g.cfg
+++ b/board/boundary/nitrogen6x/nitrogen6q2g.cfg
@@ -20,6 +20,9 @@ BOOT_FROM spi
 
 #define __ASSEMBLY__
 #include <config.h>
+#ifdef CONFIG_SECURE_BOOT
+CSF CONFIG_CSF_SIZE
+#endif
 #include "asm/arch/mx6-ddr.h"
 #include "asm/arch/iomux.h"
 #include "asm/arch/crm_regs.h"
diff --git a/board/boundary/nitrogen6x/nitrogen6s.cfg b/board/boundary/nitrogen6x/nitrogen6s.cfg
index ca30cd6..2540b7b 100644
--- a/board/boundary/nitrogen6x/nitrogen6s.cfg
+++ b/board/boundary/nitrogen6x/nitrogen6s.cfg
@@ -20,6 +20,9 @@ BOOT_FROM spi
 
 #define __ASSEMBLY__
 #include <config.h>
+#ifdef CONFIG_SECURE_BOOT
+CSF CONFIG_CSF_SIZE
+#endif
 #include "asm/arch/mx6-ddr.h"
 #include "asm/arch/iomux.h"
 #include "asm/arch/crm_regs.h"
diff --git a/board/boundary/nitrogen6x/nitrogen6s1g.cfg b/board/boundary/nitrogen6x/nitrogen6s1g.cfg
index b1489fb..946af7b 100644
--- a/board/boundary/nitrogen6x/nitrogen6s1g.cfg
+++ b/board/boundary/nitrogen6x/nitrogen6s1g.cfg
@@ -20,6 +20,9 @@ BOOT_FROM spi
 
 #define __ASSEMBLY__
 #include <config.h>
+#ifdef CONFIG_SECURE_BOOT
+CSF CONFIG_CSF_SIZE
+#endif
 #include "asm/arch/mx6-ddr.h"
 #include "asm/arch/iomux.h"
 #include "asm/arch/crm_regs.h"
diff --git a/include/configs/nitrogen6x.h b/include/configs/nitrogen6x.h
index b651eb3..3281e42 100644
--- a/include/configs/nitrogen6x.h
+++ b/include/configs/nitrogen6x.h
@@ -35,6 +35,15 @@
 #define CONFIG_SF_DEFAULT_MODE (SPI_MODE_0)
 #endif
 
+/* Secure boot (HAB) support */
+#ifdef CONFIG_SECURE_BOOT
+#define CONFIG_CSF_SIZE 0x2000
+#define CONFIG_SYS_FSL_SEC_COMPAT 4
+#define CONFIG_FSL_CAAM
+#define CONFIG_CMD_DEKBLOB
+#define CONFIG_SYS_FSL_SEC_LE
+#endif
+
 /* I2C Configs */
 #define CONFIG_SYS_I2C
 #define CONFIG_SYS_I2C_MXC
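Review bot: The `CSF CONFIG_CSF_SIZE` line added after `#include <config.h>` in nitrogen6dl.cfg has no comment saying what it does, and the name CONFIG_SECURE_BOOT can be read as meaning the resulting image is already authenticated. Going by the commit description, the directive only makes room in the final imx image for signature data, so a line such as `/* Reserve CONFIG_CSF_SIZE bytes for the HAB CSF; the image still has to be signed in a separate step */` above the `#ifdef` would state that; whether the build itself signs anything is not visible in this patch and should be confirmed before settling the wording. The same comment applies to the identical hunks in nitrogen6dl2g.cfg, nitrogen6q.cfg, nitrogen6q2g.cfg, nitrogen6s.cfg and nitrogen6s1g.cfg. Each hunk shows only the include block of its file, so the placement relative to the other image directives cannot be checked from here.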
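Review bot: `#define CONFIG_CSF_SIZE 0x2000` in the new secure-boot block of include/configs/nitrogen6x.h is an undocumented size that the six .cfg files hand to the `CSF` directive, so the signing step outside this patch presumably has to produce CSF data that fits that region, and nothing in the header says so. A comment on the define, for example `/* bytes reserved in the image for the HAB CSF; the signed CSF data must fit in this region */`, would tell whoever changes the key or certificate setup what to re-check. `CONFIG_SYS_FSL_SEC_COMPAT 4` would also benefit from a short comment naming what the value selects. The `#ifdef CONFIG_SECURE_BOOT` block is complete within the hunk, but the rest of the header is not shown.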
Selecting the proper options to enable the build of the HAB tools. Also adding a CSF section to the imx final image so it can contain the signature information. Note, this support is disabled by default, one will have to select the SECURE_BOOT configuration through menuconfig to enable it. Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com> --- board/boundary/nitrogen6x/nitrogen6dl.cfg | 3 +++ board/boundary/nitrogen6x/nitrogen6dl2g.cfg | 3 +++ board/boundary/nitrogen6x/nitrogen6q.cfg | 3 +++ board/boundary/nitrogen6x/nitrogen6q2g.cfg | 3 +++ board/boundary/nitrogen6x/nitrogen6s.cfg | 3 +++ board/boundary/nitrogen6x/nitrogen6s1g.cfg | 3 +++ include/configs/nitrogen6x.h | 9 +++++++++ 7 files changed, 27 insertions(+)