diff options
author | Sascha Hauer <s.hauer@pengutronix.de> | 2019-08-15 10:58:08 +0200 |
---|---|---|
committer | Sascha Hauer <s.hauer@pengutronix.de> | 2019-08-15 10:58:08 +0200 |
commit | bd1fbce74f79d647af4ee338f9193351811e80f4 (patch) | |
tree | dc119b20a406c2f7f9df0d1b7990deb876a402a4 /arch/arm/mach-imx | |
parent | 53e145d550c1ee9db907fccd7ad4d98d6aee806b (diff) | |
parent | dd5dfb6ff467f6d640e48046acedfe435c649c94 (diff) | |
download | barebox-bd1fbce74f79d647af4ee338f9193351811e80f4.tar.gz barebox-bd1fbce74f79d647af4ee338f9193351811e80f4.tar.xz |
Merge branch 'for-next/imx8-hab'
Diffstat (limited to 'arch/arm/mach-imx')
-rw-r--r-- | arch/arm/mach-imx/Kconfig | 5 | ||||
-rw-r--r-- | arch/arm/mach-imx/include/mach/habv4-imx8-gencsf.h | 59 | ||||
-rw-r--r-- | arch/arm/mach-imx/include/mach/imx-header.h | 2 | ||||
-rw-r--r-- | arch/arm/mach-imx/include/mach/xload.h | 5 | ||||
-rw-r--r-- | arch/arm/mach-imx/xload-common.c | 6 |
5 files changed, 75 insertions, 2 deletions
diff --git a/arch/arm/mach-imx/Kconfig b/arch/arm/mach-imx/Kconfig index 553d11a793..e7721621ab 100644 --- a/arch/arm/mach-imx/Kconfig +++ b/arch/arm/mach-imx/Kconfig @@ -183,6 +183,7 @@ config ARCH_IMX8MQ select COMMON_CLK_OF_PROVIDER select ARCH_HAS_FEC_IMX select HW_HAS_PCI + select PBL_VERIFY_PIGGY if HABV4 config ARCH_VF610 bool @@ -787,10 +788,10 @@ config HABV4 select HAB select NVMEM select IMX_OCOTP - depends on ARCH_IMX6 + depends on ARCH_IMX6 || ARCH_IMX8MQ depends on OFDEVICE help - High Assurance Boot, as found on i.MX28/i.MX6. + High Assurance Boot, as found on i.MX28/i.MX6/i.MX8MQ. config HAB_CERTS_ENV depends on HAB diff --git a/arch/arm/mach-imx/include/mach/habv4-imx8-gencsf.h b/arch/arm/mach-imx/include/mach/habv4-imx8-gencsf.h new file mode 100644 index 0000000000..34039ee590 --- /dev/null +++ b/arch/arm/mach-imx/include/mach/habv4-imx8-gencsf.h @@ -0,0 +1,59 @@ +/* + * This snippet can be included from a i.MX flash header configuration + * file for generating signed images. The necessary keys/certificates + * are expected in these config variables: + * + * CONFIG_HABV4_TABLE_BIN + * CONFIG_HABV4_CSF_CRT_PEM + * CONFIG_HABV4_IMG_CRT_PEM + */ +#if defined(CONFIG_HABV4) && defined(CONFIG_CPU_64) +hab [Header] +hab Version = 4.3 +hab Hash Algorithm = sha256 +hab Engine Configuration = 0 +hab Certificate Format = X509 +hab Signature Format = CMS +hab Engine = CAAM + +hab [Install SRK] +hab File = CONFIG_HABV4_TABLE_BIN +hab # SRK index within SRK-Table 0..3 +hab Source index = 0 + +hab [Install CSFK] +/* target key index in keystore 1 */ +hab File = CONFIG_HABV4_CSF_CRT_PEM + +hab [Authenticate CSF] + +hab [Unlock] +hab Engine = CAAM +hab Features = RNG + +hab [Install Key] +/* verification key index in key store (0, 2...4) */ +hab Verification index = 0 +/* target key index in key store (2...4) */ +hab Target index = 2 +hab File = CONFIG_HABV4_IMG_CRT_PEM + +hab [Authenticate Data] +/* verification key index in key store (2...4) */ +hab Verification index = 2 + +hab_blocks + +hab_encrypt [Install Secret Key] +hab_encrypt Verification index = 0 +hab_encrypt Target index = 0 +hab_encrypt_key +hab_encrypt_key_length 256 +hab_encrypt_blob_address + +hab_encrypt [Decrypt Data] +hab_encrypt Verification index = 0 +hab_encrypt Mac Bytes = 16 + +hab_encrypt_blocks +#endif diff --git a/arch/arm/mach-imx/include/mach/imx-header.h b/arch/arm/mach-imx/include/mach/imx-header.h index 50584bb24b..dc8e2eee2f 100644 --- a/arch/arm/mach-imx/include/mach/imx-header.h +++ b/arch/arm/mach-imx/include/mach/imx-header.h @@ -98,6 +98,7 @@ struct config_data { uint32_t image_size; uint32_t max_load_size; uint32_t load_size; + uint32_t pbl_code_size; char *outfile; char *srkfile; int header_version; @@ -111,6 +112,7 @@ struct config_data { int (*nop)(const struct config_data *data); int csf_space; char *csf; + int sign_image; char *signed_hdmi_firmware_file; int encrypt_image; size_t dek_size; diff --git a/arch/arm/mach-imx/include/mach/xload.h b/arch/arm/mach-imx/include/mach/xload.h index 8f141bc37e..a605e76339 100644 --- a/arch/arm/mach-imx/include/mach/xload.h +++ b/arch/arm/mach-imx/include/mach/xload.h @@ -6,7 +6,12 @@ int imx6_spi_load_image(int instance, unsigned int flash_offset, void *buf, int int imx6_spi_start_image(int instance); int imx6_esdhc_start_image(int instance); int imx8_esdhc_start_image(int instance); +int imx8_esdhc_load_piggy(int instance); int imx_image_size(void); +int piggydata_size(void); + +extern unsigned char input_data[]; +extern unsigned char input_data_end[]; #endif /* __MACH_XLOAD_H */ diff --git a/arch/arm/mach-imx/xload-common.c b/arch/arm/mach-imx/xload-common.c index c5727eba38..bd6405258e 100644 --- a/arch/arm/mach-imx/xload-common.c +++ b/arch/arm/mach-imx/xload-common.c @@ -8,3 +8,9 @@ int imx_image_size(void) /* i.MX header is 4k */ return barebox_image_size + SZ_4K; } + +int piggydata_size(void) +{ + return input_data_end - input_data; +} + |