From patchwork Tue Aug 23 21:55:21 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gary Bisson X-Patchwork-Id: 662068 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from theia.denx.de (theia.denx.de [85.214.87.163]) by ozlabs.org (Postfix) with ESMTP id 3sJklx5bRSz9t0t for ; Wed, 24 Aug 2016 07:56:13 +1000 (AEST) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=boundarydevices-com.20150623.gappssmtp.com header.i=@boundarydevices-com.20150623.gappssmtp.com header.b=T64zCqJl; dkim-atps=neutral Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 93543A7533; Tue, 23 Aug 2016 23:56:01 +0200 (CEST) Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P17hF1PMhVQg; Tue, 23 Aug 2016 23:56:01 +0200 (CEST) Received: from theia.denx.de (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 847394BF90; Tue, 23 Aug 2016 23:55:46 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 7BBC64B62B for ; Tue, 23 Aug 2016 23:55:39 +0200 (CEST) Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 92njBSy4VgfX for ; Tue, 23 Aug 2016 23:55:39 +0200 (CEST) X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 (only DNSBL check requested) Received: from mail-wm0-f41.google.com (mail-wm0-f41.google.com [74.125.82.41]) by theia.denx.de (Postfix) with ESMTPS id 46EAE4A039 for ; Tue, 23 Aug 2016 23:55:34 +0200 (CEST) Received: by mail-wm0-f41.google.com with SMTP id i5so1594085wmg.0 for ; Tue, 23 Aug 2016 14:55:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=boundarydevices-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=051zNa6imTRQTHmhQ57qVZ0l+ZSmp1flSWhfYnJ57iA=; b=T64zCqJlhw9+Amjb2X0+QQ1NMBQjqZNQO3LjW7InPGLIiNNn9Kyn5VQviTvuHUWpIs gWR0RfhcK+N0D/BRlhx10h2eIUe0VASaPxqSRe6Mcn3XAynmRUchDesLbHSz4kPasM2x Ityxz4pZOpGPOz2PA1wUVxI77lxEkbxjFlEQqjhfwZGfzVVGxxa6R2YY/HF1To8AM3M4 SglmBPAU+AViwu22CVd2vO87f6ujRJR8hgJa7uMsonfTzj87KbD5gwAl8Q18QpAAZdrP JJjfFpqrLnQYHdTEPK/REC3m1Sbb6rxYQ5eQiyw8nyf+3bKE0DUSS9Yttroyk8b9ykB8 b7/g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=051zNa6imTRQTHmhQ57qVZ0l+ZSmp1flSWhfYnJ57iA=; b=AEs6wVpcnqXEkfsjy4myIAkcmzJwBKxHN3sBsahx/aHGcZOj9WQXn+/n62GB8hcLN/ HGfylN5XxJReDba+pY1H2BBhxM7JSixuF2x0KuJ23PrQq1F5jDegvXtmg2SGXyjdiQeK LLl5k1mEJTrzuvRKS7KkZEsf5ZlZfv3d0F9viFYbgD1jBU6eiov8s1YuQNNYGfhnmKrQ XilpyigESu1b4Mi/2GmhBFFhGPb9anL3DcRNerv+3M5XzB5qKssnbBTwlQmXUm2cgh77 G8wd+3Rbul/r5gpZpUi3p+OeudO5NMDVDUhvBF29E/JjqLQqhVS570Yj5xalaWzx/cNo wAzA== X-Gm-Message-State: AEkoouvutX6JXotAYfVNh9CsLt1c+pwqWm79IvYOCmnFUCfvAbV97N5tdClgPVKzFhGSgQ== X-Received: by 10.28.50.199 with SMTP id y190mr23096799wmy.61.1471989334032; Tue, 23 Aug 2016 14:55:34 -0700 (PDT) Received: from t450s.lan (89-92-156-188.hfc.dyn.abo.bbox.fr. [89.92.156.188]) by smtp.googlemail.com with ESMTPSA id a9sm6123564wjf.16.2016.08.23.14.55.31 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 23 Aug 2016 14:55:32 -0700 (PDT) From: Gary Bisson To: u-boot@lists.denx.de Date: Tue, 23 Aug 2016 23:55:21 +0200 Message-Id: <1471989321-25280-4-git-send-email-gary.bisson@boundarydevices.com> X-Mailer: git-send-email 2.8.1 In-Reply-To: <1471989321-25280-1-git-send-email-gary.bisson@boundarydevices.com> References: <1471989321-25280-1-git-send-email-gary.bisson@boundarydevices.com> Cc: Gary Bisson Subject: [U-Boot] [PATCH 3/3] nitrogen6x: add secure boot support X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.15 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Selecting the proper options to enable the build of the HAB tools. Also adding a CSF section to the imx final image so it can contain the signature information. Note, this support is disabled by default, one will have to select the SECURE_BOOT configuration through menuconfig to enable it. Signed-off-by: Gary Bisson --- board/boundary/nitrogen6x/nitrogen6dl.cfg | 3 +++ board/boundary/nitrogen6x/nitrogen6dl2g.cfg | 3 +++ board/boundary/nitrogen6x/nitrogen6q.cfg | 3 +++ board/boundary/nitrogen6x/nitrogen6q2g.cfg | 3 +++ board/boundary/nitrogen6x/nitrogen6s.cfg | 3 +++ board/boundary/nitrogen6x/nitrogen6s1g.cfg | 3 +++ include/configs/nitrogen6x.h | 9 +++++++++ 7 files changed, 27 insertions(+) diff --git a/board/boundary/nitrogen6x/nitrogen6dl.cfg b/board/boundary/nitrogen6x/nitrogen6dl.cfg index 1cdccad..5c3e961 100644 --- a/board/boundary/nitrogen6x/nitrogen6dl.cfg +++ b/board/boundary/nitrogen6x/nitrogen6dl.cfg @@ -20,6 +20,9 @@ BOOT_FROM spi #define __ASSEMBLY__ #include +#ifdef CONFIG_SECURE_BOOT +CSF CONFIG_CSF_SIZE +#endif #include "asm/arch/mx6-ddr.h" #include "asm/arch/iomux.h" #include "asm/arch/crm_regs.h" diff --git a/board/boundary/nitrogen6x/nitrogen6dl2g.cfg b/board/boundary/nitrogen6x/nitrogen6dl2g.cfg index 516d67e..fe19ed0 100644 --- a/board/boundary/nitrogen6x/nitrogen6dl2g.cfg +++ b/board/boundary/nitrogen6x/nitrogen6dl2g.cfg @@ -20,6 +20,9 @@ BOOT_FROM spi #define __ASSEMBLY__ #include +#ifdef CONFIG_SECURE_BOOT +CSF CONFIG_CSF_SIZE +#endif #include "asm/arch/mx6-ddr.h" #include "asm/arch/iomux.h" #include "asm/arch/crm_regs.h" diff --git a/board/boundary/nitrogen6x/nitrogen6q.cfg b/board/boundary/nitrogen6x/nitrogen6q.cfg index b6642e6..60e1885 100644 --- a/board/boundary/nitrogen6x/nitrogen6q.cfg +++ b/board/boundary/nitrogen6x/nitrogen6q.cfg @@ -20,6 +20,9 @@ BOOT_FROM spi #define __ASSEMBLY__ #include +#ifdef CONFIG_SECURE_BOOT +CSF CONFIG_CSF_SIZE +#endif #include "asm/arch/mx6-ddr.h" #include "asm/arch/iomux.h" #include "asm/arch/crm_regs.h" diff --git a/board/boundary/nitrogen6x/nitrogen6q2g.cfg b/board/boundary/nitrogen6x/nitrogen6q2g.cfg index fe6dfc1..7a3ee94 100644 --- a/board/boundary/nitrogen6x/nitrogen6q2g.cfg +++ b/board/boundary/nitrogen6x/nitrogen6q2g.cfg @@ -20,6 +20,9 @@ BOOT_FROM spi #define __ASSEMBLY__ #include +#ifdef CONFIG_SECURE_BOOT +CSF CONFIG_CSF_SIZE +#endif #include "asm/arch/mx6-ddr.h" #include "asm/arch/iomux.h" #include "asm/arch/crm_regs.h" diff --git a/board/boundary/nitrogen6x/nitrogen6s.cfg b/board/boundary/nitrogen6x/nitrogen6s.cfg index ca30cd6..2540b7b 100644 --- a/board/boundary/nitrogen6x/nitrogen6s.cfg +++ b/board/boundary/nitrogen6x/nitrogen6s.cfg @@ -20,6 +20,9 @@ BOOT_FROM spi #define __ASSEMBLY__ #include +#ifdef CONFIG_SECURE_BOOT +CSF CONFIG_CSF_SIZE +#endif #include "asm/arch/mx6-ddr.h" #include "asm/arch/iomux.h" #include "asm/arch/crm_regs.h" diff --git a/board/boundary/nitrogen6x/nitrogen6s1g.cfg b/board/boundary/nitrogen6x/nitrogen6s1g.cfg index b1489fb..946af7b 100644 --- a/board/boundary/nitrogen6x/nitrogen6s1g.cfg +++ b/board/boundary/nitrogen6x/nitrogen6s1g.cfg @@ -20,6 +20,9 @@ BOOT_FROM spi #define __ASSEMBLY__ #include +#ifdef CONFIG_SECURE_BOOT +CSF CONFIG_CSF_SIZE +#endif #include "asm/arch/mx6-ddr.h" #include "asm/arch/iomux.h" #include "asm/arch/crm_regs.h" diff --git a/include/configs/nitrogen6x.h b/include/configs/nitrogen6x.h index b651eb3..3281e42 100644 --- a/include/configs/nitrogen6x.h +++ b/include/configs/nitrogen6x.h @@ -35,6 +35,15 @@ #define CONFIG_SF_DEFAULT_MODE (SPI_MODE_0) #endif +/* Secure boot (HAB) support */ +#ifdef CONFIG_SECURE_BOOT +#define CONFIG_CSF_SIZE 0x2000 +#define CONFIG_SYS_FSL_SEC_COMPAT 4 +#define CONFIG_FSL_CAAM +#define CONFIG_CMD_DEKBLOB +#define CONFIG_SYS_FSL_SEC_LE +#endif + /* I2C Configs */ #define CONFIG_SYS_I2C #define CONFIG_SYS_I2C_MXC