diff options
| author | Marc Kleine-Budde <mkl@pengutronix.de> | 2015-04-13 14:27:02 +0200 |
|---|---|---|
| committer | Sascha Hauer <s.hauer@pengutronix.de> | 2015-04-15 07:12:17 +0200 |
| commit | d3be1ab1fcd20aa83af228df552eb74fa68c5c89 (patch) | |
| tree | c79219b6dd840cb9e5003d8a89660a8481d77ec8 /arch | |
| parent | b6c786528b291733f979e57ae5e62803dfc44bbb (diff) | |
| download | barebox-d3be1ab1fcd20aa83af228df552eb74fa68c5c89.tar.gz barebox-d3be1ab1fcd20aa83af228df552eb74fa68c5c89.tar.xz | |
images: add HABv4 support for i.MX6
This patch adds high assurance boot support (HABv4) image generation to
barebox, currently tested on i.MX6 only.
In order to build a signed barebox image, add a new image target to
images/Makefile.imx as illustrated in the diff below:
- - - a/images/Makefile.imx
+ + + b/images/Makefile.imx
@@ -163,10 +163,14 @@ image-$(CONFIG_MACH_SABRELITE) += barebox-freescale-imx6dl-sabrelite.img
pblx-$(CONFIG_MACH_SABRESD) += start_imx6q_sabresd
CFG_start_imx6q_sabresd.pblx.imximg = $(board)/freescale-mx6-sabresd/flash-header-mx6-sabresd.imxcfg
FILE_barebox-freescale-imx6q-sabresd.img = start_imx6q_sabresd.pblx.imximg
image-$(CONFIG_MACH_SABRESD) += barebox-freescale-imx6q-sabresd.img
+CSF_start_imx6q_sabresd.pblx.imximg = $(havb4_imx6csf)
+FILE_barebox-freescale-imx6q-sabresd-signed.img = start_imx6q_sabresd.pblx.imximg.signed
+image-$(CONFIG_MACH_SABRESD) += barebox-freescale-imx6q-sabresd-signed.img
+
Here the default i.MX6 CSF file $(havb4_imx6csf) is used, it's generated during
build on from the template "scripts/habv4/habv4-imx6.csf.in". You can configure
the paths to the SRK table and certificates via: System Type -> i.MX specific
settings -> HABv4 support.
The proprietary tool "cst" by Freescale tool is expected in the PATH.
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'arch')
| -rw-r--r-- | arch/arm/mach-imx/Kconfig | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/arch/arm/mach-imx/Kconfig b/arch/arm/mach-imx/Kconfig index 4d257a87a6..c713477701 100644 --- a/arch/arm/mach-imx/Kconfig +++ b/arch/arm/mach-imx/Kconfig @@ -675,6 +675,46 @@ config IMX_OCOTP_WRITE mw -l -d /dev/imx-ocotp 0x8C 0x00001234 mw -l -d /dev/imx-ocotp 0x88 0x56789ABC +config HABV4 + tristate "HABv4 support" + depends on ARCH_IMX6 + help + High Assurance Boot, as found on i.MX28/i.MX6. + +if HABV4 + +config HABV4_TABLE_BIN + string "Path to SRK table" + default "../crts/SRK_1_2_3_4_table.bin" + help + Path to the Super Root Key (SRK) table, produced by the + Freescale Code Signing Tool (cst). + + This file will be inserted into the Command Sequence File + (CSF) when using the CSF template that comes with barebox. + +config HABV4_CSF_CRT_PEM + string "Path to CSF certificate" + default "../crts/CSF1_1_sha256_4096_65537_v3_usr_crt.pem" + help + Path to the Command Sequence File (CSF) certificate, produced by the + Freescale Public Key Infrastructure (PKI) script. + + This file will be inserted into the Command Sequence File + (CSF) when using the CSF template that comes with barebox. + +config HABV4_IMG_CRT_PEM + string "Path to IMG certificate" + default "../crts/IMG_1_sha256_4096_65537_v3_usr_crt.pem" + help + Path to the Image certificate, produced by the Freescale + Public Key Infrastructure (PKI) script. + + This file will be inserted into the Command Sequence File + (CSF) when using the CSF template that comes with barebox. + +endif + endmenu endif |