diff options
| author | Maik Otto <m.otto@phytec.de> | 2020-09-17 11:36:55 +0200 |
|---|---|---|
| committer | Sascha Hauer <s.hauer@pengutronix.de> | 2020-09-23 11:20:41 +0200 |
| commit | b0ba3a6ad0bc859fb79a505a2b42abee883d26c1 (patch) | |
| tree | 2745e8369275e586edb89e39420d76e9d68870be /arch/arm/mach-imx | |
| parent | c76289227eb1219ea6d123a687dd7832d9d36e30 (diff) | |
| download | barebox-b0ba3a6ad0bc859fb79a505a2b42abee883d26c1.tar.gz barebox-b0ba3a6ad0bc859fb79a505a2b42abee883d26c1.tar.xz | |
arch: arm: mach-imx: Add habv4 config file for i.MX6ULL
The i.MX6ULL has no CAAM engine for Secure Boot on HABv4 (NXP AN4581).
For i.MX6ULL the engine Software (SW) must used for the image
validation.
Signed-off-by: Maik Otto <m.otto@phytec.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'arch/arm/mach-imx')
| -rw-r--r-- | arch/arm/mach-imx/include/mach/habv4-imx6-gencsf-template.h | 64 | ||||
| -rw-r--r-- | arch/arm/mach-imx/include/mach/habv4-imx6-gencsf.h | 59 | ||||
| -rw-r--r-- | arch/arm/mach-imx/include/mach/habv4-imx6ull-gencsf.h | 4 |
3 files changed, 71 insertions, 56 deletions
diff --git a/arch/arm/mach-imx/include/mach/habv4-imx6-gencsf-template.h b/arch/arm/mach-imx/include/mach/habv4-imx6-gencsf-template.h new file mode 100644 index 0000000000..668fb0646f --- /dev/null +++ b/arch/arm/mach-imx/include/mach/habv4-imx6-gencsf-template.h @@ -0,0 +1,64 @@ +/* + * This snippet can be included from a i.MX flash header configuration + * file for generating signed images. The necessary keys/certificates + * are expected in these config variables: + * + * CONFIG_HABV4_TABLE_BIN + * CONFIG_HABV4_CSF_CRT_PEM + * CONFIG_HABV4_IMG_CRT_PEM + */ + +#ifndef SETUP_HABV4_ENGINE +#error "SETUP_HABV4_ENGINE undefined" +#endif + +hab [Header] +hab Version = 4.1 +hab Hash Algorithm = sha256 +hab Engine Configuration = 0 +hab Certificate Format = X509 +hab Signature Format = CMS +hab Engine = SETUP_HABV4_ENGINE + +hab [Install SRK] +hab File = CONFIG_HABV4_TABLE_BIN +hab # SRK index within SRK-Table 0..3 +hab Source index = CONFIG_HABV4_SRK_INDEX + +hab [Install CSFK] +/* target key index in keystore 1 */ +hab File = CONFIG_HABV4_CSF_CRT_PEM + +hab [Authenticate CSF] + +hab [Unlock] +hab Engine = SETUP_HABV4_ENGINE +#ifdef SETUP_HABV4_FEATURES +hab Features = SETUP_HABV4_FEATURES +#endif + +hab [Install Key] +/* verification key index in key store (0, 2...4) */ +hab Verification index = 0 +/* target key index in key store (2...4) */ +hab Target index = 2 +hab File = CONFIG_HABV4_IMG_CRT_PEM + +hab [Authenticate Data] +/* verification key index in key store (2...4) */ +hab Verification index = 2 + +hab_blocks + +hab_encrypt [Install Secret Key] +hab_encrypt Verification index = 0 +hab_encrypt Target index = 0 +hab_encrypt_key +hab_encrypt_key_length 256 +hab_encrypt_blob_address + +hab_encrypt [Decrypt Data] +hab_encrypt Verification index = 0 +hab_encrypt Mac Bytes = 16 + +hab_encrypt_blocks diff --git a/arch/arm/mach-imx/include/mach/habv4-imx6-gencsf.h b/arch/arm/mach-imx/include/mach/habv4-imx6-gencsf.h index 17c4d79567..ca741b2736 100644 --- a/arch/arm/mach-imx/include/mach/habv4-imx6-gencsf.h +++ b/arch/arm/mach-imx/include/mach/habv4-imx6-gencsf.h @@ -1,58 +1,5 @@ -/* - * This snippet can be included from a i.MX flash header configuration - * file for generating signed images. The necessary keys/certificates - * are expected in these config variables: - * - * CONFIG_HABV4_TABLE_BIN - * CONFIG_HABV4_CSF_CRT_PEM - * CONFIG_HABV4_IMG_CRT_PEM - */ -hab [Header] -hab Version = 4.1 -hab Hash Algorithm = sha256 -hab Engine Configuration = 0 -hab Certificate Format = X509 -hab Signature Format = CMS -hab Engine = CAAM +#define SETUP_HABV4_ENGINE CAAM +#define SETUP_HABV4_FEATURES RNG, MID -hab [Install SRK] -hab File = CONFIG_HABV4_TABLE_BIN -hab # SRK index within SRK-Table 0..3 -hab Source index = CONFIG_HABV4_SRK_INDEX - -hab [Install CSFK] -/* target key index in keystore 1 */ -hab File = CONFIG_HABV4_CSF_CRT_PEM - -hab [Authenticate CSF] - -hab [Unlock] -hab Engine = CAAM -hab Features = RNG, MID - -hab [Install Key] -/* verification key index in key store (0, 2...4) */ -hab Verification index = 0 -/* target key index in key store (2...4) */ -hab Target index = 2 -hab File = CONFIG_HABV4_IMG_CRT_PEM - -hab [Authenticate Data] -/* verification key index in key store (2...4) */ -hab Verification index = 2 - -hab_blocks - -hab_encrypt [Install Secret Key] -hab_encrypt Verification index = 0 -hab_encrypt Target index = 0 -hab_encrypt_key -hab_encrypt_key_length 256 -hab_encrypt_blob_address - -hab_encrypt [Decrypt Data] -hab_encrypt Verification index = 0 -hab_encrypt Mac Bytes = 16 - -hab_encrypt_blocks +#include <mach/habv4-imx6-gencsf-template.h> diff --git a/arch/arm/mach-imx/include/mach/habv4-imx6ull-gencsf.h b/arch/arm/mach-imx/include/mach/habv4-imx6ull-gencsf.h new file mode 100644 index 0000000000..6a558b880b --- /dev/null +++ b/arch/arm/mach-imx/include/mach/habv4-imx6ull-gencsf.h @@ -0,0 +1,4 @@ + +#define SETUP_HABV4_ENGINE SW + +#include <mach/habv4-imx6-gencsf-template.h> |