| Commit message (Collapse) | Author | Age | Files | Lines |
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The code was leveraged from u-boot commit:
29067abfaf39 iMX: adding parsing to hab_status command
by: Ulises Cardenas <Ulises.Cardenas@freescale.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The current code only retrieves the HAB errors from the ROM. If there are HAB
warnings during startup, the code throws this wrong error message.
> HABv4: ERROR: Recompile with larger event data buffer (at least 36 bytes)
The correct solution is to retrieve the warnings from the ROM, too.
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
to pr_err()
This way the events will be printed into the dmesg buffer,
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
| |
| |
| |
| |
| | |
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|/
|
|
|
|
|
|
| |
This is now recommended for all systems. Especially for the HAB usecase
disallowing alternative boot selection after WDOG reset is essential.
Signed-off-by: Bastian Stender <bst@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
| |
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Secure boot with HAB requires handling of the super root key hash
and actually locking down the device. The related information is
stored in the i.MX fusebox device (IIM on older SoCs, OCOTP on newer
SoCs). This patch adds several convenience functions to store and
read the super root key hash and to lock down a SoC. Also we add
a command to do this from the command line.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
| |
The RVT table contains the pointers to the HAB API functions and is
located at 0x00000100.
Signed-off-by: Jan Remmet <j.remmet@phytec.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
| |
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
| |
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
| |
Newer i.MX SoCs have the RVT at 0x98, not at 0x94 any more.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The HABv4 functions need access a part of the ROM which is
located in the zero page. This must be done early, before the
MMU has been configured and the zero page has been set to faulting.
The HAB functions currently use cpu_is_imxxy(). At the stage where
HAB is called the i.MX CPU type variable is not yet initialized,
so this code only works when only one i.MX type is enabled and
cpu_is_imxxy() are compile time constants.
To fix HAB support when more than one i.MX type is enabled make the
HAB status function SoC specific so that we can drop the use of
cpu_is_imxxy().
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
| |
Status reporting for HABv3 is different from HABv4. Add a status
report function for HABv3.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
There's not only HABv4 but also HABv3. No need to put the corresponding
code in separate directories, so rename the habv4 directory to hab.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|