diff options
| author | Marc Kleine-Budde <mkl@pengutronix.de> | 2015-04-13 14:27:02 +0200 |
|---|---|---|
| committer | Sascha Hauer <s.hauer@pengutronix.de> | 2015-04-15 07:12:17 +0200 |
| commit | d3be1ab1fcd20aa83af228df552eb74fa68c5c89 (patch) | |
| tree | c79219b6dd840cb9e5003d8a89660a8481d77ec8 /images | |
| parent | b6c786528b291733f979e57ae5e62803dfc44bbb (diff) | |
| download | barebox-d3be1ab1fcd20aa83af228df552eb74fa68c5c89.tar.gz barebox-d3be1ab1fcd20aa83af228df552eb74fa68c5c89.tar.xz | |
images: add HABv4 support for i.MX6
This patch adds high assurance boot support (HABv4) image generation to
barebox, currently tested on i.MX6 only.
In order to build a signed barebox image, add a new image target to
images/Makefile.imx as illustrated in the diff below:
- - - a/images/Makefile.imx
+ + + b/images/Makefile.imx
@@ -163,10 +163,14 @@ image-$(CONFIG_MACH_SABRELITE) += barebox-freescale-imx6dl-sabrelite.img
pblx-$(CONFIG_MACH_SABRESD) += start_imx6q_sabresd
CFG_start_imx6q_sabresd.pblx.imximg = $(board)/freescale-mx6-sabresd/flash-header-mx6-sabresd.imxcfg
FILE_barebox-freescale-imx6q-sabresd.img = start_imx6q_sabresd.pblx.imximg
image-$(CONFIG_MACH_SABRESD) += barebox-freescale-imx6q-sabresd.img
+CSF_start_imx6q_sabresd.pblx.imximg = $(havb4_imx6csf)
+FILE_barebox-freescale-imx6q-sabresd-signed.img = start_imx6q_sabresd.pblx.imximg.signed
+image-$(CONFIG_MACH_SABRESD) += barebox-freescale-imx6q-sabresd-signed.img
+
Here the default i.MX6 CSF file $(havb4_imx6csf) is used, it's generated during
build on from the template "scripts/habv4/habv4-imx6.csf.in". You can configure
the paths to the SRK table and certificates via: System Type -> i.MX specific
settings -> HABv4 support.
The proprietary tool "cst" by Freescale tool is expected in the PATH.
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'images')
| -rw-r--r-- | images/.gitignore | 2 | ||||
| -rw-r--r-- | images/Makefile | 3 | ||||
| -rw-r--r-- | images/Makefile.imxhabv4 | 48 |
3 files changed, 52 insertions, 1 deletions
diff --git a/images/.gitignore b/images/.gitignore index c5377d9f65..b5004fe48f 100644 --- a/images/.gitignore +++ b/images/.gitignore @@ -3,6 +3,8 @@ *.pblb *.img *.imximg +*.imximg.prep +*.imximg.signed *.map *.src *.kwbimg diff --git a/images/Makefile b/images/Makefile index c01179081d..587cb2651f 100644 --- a/images/Makefile +++ b/images/Makefile @@ -102,11 +102,12 @@ objboard = $(objtree)/arch/$(ARCH)/boards include $(srctree)/images/Makefile.am33xx include $(srctree)/images/Makefile.imx +include $(srctree)/images/Makefile.imxhabv4 include $(srctree)/images/Makefile.mvebu +include $(srctree)/images/Makefile.mxs include $(srctree)/images/Makefile.rockchip include $(srctree)/images/Makefile.socfpga include $(srctree)/images/Makefile.tegra -include $(srctree)/images/Makefile.mxs targets += $(image-y) pbl.lds barebox.x barebox.z targets += $(patsubst %,%.pblx,$(pblx-y)) diff --git a/images/Makefile.imxhabv4 b/images/Makefile.imxhabv4 new file mode 100644 index 0000000000..9eb9538417 --- /dev/null +++ b/images/Makefile.imxhabv4 @@ -0,0 +1,48 @@ +# -*-makefile-*- +# +# barebox image generation Makefile for HABv4 images +# + +# default csf templates +havb4_imx6csf = $(srctree)/scripts/habv4/habv4-imx6.csf.in +habv4_imx2csf = $(srctree)/scripts/habv4/habv4-imx28.csf.in + +# %.imximg.prep - Convert in i.MX image, with preparation for signature +# ---------------------------------------------------------------- +quiet_cmd_imx_prep_image = IMX-PREP-IMG $@ + cmd_imx_prep_image = $(CPP) $(imxcfg_cpp_flags) -o $(imximg-tmp) $(word 2,$^) ; \ + $< -o $@ -b -c $(imximg-tmp) -p -f $(word 3,$^) + +.SECONDEXPANSION: +$(obj)/%.imximg.prep: $(objtree)/scripts/imx/imx-image $$(CFG_%.imximg) $(obj)/% + $(call if_changed,imx_prep_image) + +# %.habv4.csf - create Command Sequence File from template +# ---------------------------------------------------------------- +quiet_cmd_csf = CSF $@ + cmd_csf = TABLE_BIN=$(CONFIG_HABV4_TABLE_BIN) \ + CSF_CRT_PEM=$(CONFIG_HABV4_CSF_CRT_PEM) \ + IMG_CRT_PEM=$(CONFIG_HABV4_IMG_CRT_PEM) \ + $< -f $(word 2,$^) -c $(word 3,$^) -i $(word 4,$^) -o $@ + +.SECONDEXPANSION: +$(obj)/%.habv4.csf: $(srctree)/scripts/habv4/gencsf.sh $(obj)/%.prep $$(CFG_%) $$(CSF_%) + $(call if_changed,csf) + +# %.habv4.sig - create signature and pad to 0x2000 +# ---------------------------------------------------------------- +CST = cst +quiet_cmd_habv4_sig = HAB4SIG $@ + cmd_habv4_sig = $(CST) -o $(imximg-tmp) < $(word 2,$^) > /dev/null; \ + $(OBJCOPY) -I binary -O binary --pad-to 0x2000 --gap-fill=0x5a $(imximg-tmp) $@ + +$(obj)/%.habv4.sig: $(obj)/%.prep $(obj)/%.habv4.csf + $(call if_changed,habv4_sig) + +# %.imximg.signed - concatenate bootloader and signature +# ---------------------------------------------------------------- +quiet_cmd_cat = CAT $@ + cmd_cat = cat $^ > $@ + +$(obj)/%.imximg.signed: $(obj)/%.imximg.prep $(obj)/%.imximg.habv4.sig + $(call if_changed,cat) |