Peter Robinson <pbrobin...@gmail.com>
For the entire series:
Tested-by: Breno Lima <breno.l...@nxp.com>
Thanks
Best Regards,
--
Breno Matheus Lima
___
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
"pxefile_addr_r=" __stringify(CONFIG_LOADADDR) "\0" \
> > + "ramdisk_addr_r=0x8300\0" \
> > + "ramdiskaddr=0x83000000\0" \
>
> Why have a duplicate $ramdiskaddr for a new board?
>
> Regards,
> Andreas
>
> > + &qu
Fabio Estevam <fabio.este...@nxp.com>; sba...@denx.de
>> Cc: Peng Fan <peng....@nxp.com>; u-boot@lists.denx.de; Breno Matheus
>> Lima <breno.l...@nxp.com>
>> Subject: [PATCH 1/5] mx6slevk: imximage.cfg: Handle the
>> CONFIG_SECURE_BOOT case
>>
&
Hi Bryan,
2017-12-28 16:49 GMT-02:00 Bryan O'Donoghue :
> The IVT gives the absolute address of the CSF. There is no requirement for
> the CSF to be located adjacent to the IVT so lets use the address provided
> in the IVT header instead of the fixed CSF offset
Albert Aribaud <albert.u.b...@aribaud.net>
> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com>
> Cc: George McCollister <george.mccollis...@gmail.com>
> Cc: Breno Matheus Lima <brenomath...@gmail.com>
> ---
> arch/arm/mach-imx/hab.c | 118
> ++
Hi Bryan,
2017-12-28 16:49 GMT-02:00 Bryan O'Donoghue :
> u-boot command "hab_auth_img" tells a user that it takes
>
> - addr - image hex length
I think the correct is:
- addr - image hex address
Thanks,
Breno Lima
___
ngful status code has been obtained. - Breno
>
> v2:
> - Fix compilation warnings and errors in SPL highlighted by
> Breno Matheus Lima
>
> - Add CC: Breno Matheus Lima <brenomath...@gmail.com> to all patches
>
> v1:
> This patchset updates the i.MX HAB layer in u-boot to
Hi Jim,
2018-01-16 10:47 GMT-02:00 Heiko Schocher :
> Hello Fabio,
>
> Am 16.01.2018 um 12:50 schrieb Fabio Estevam:
>>
>> Hi Heiko,
>>
>> On Tue, Jan 16, 2018 at 3:29 AM, Heiko Schocher wrote:
>>
>>> And some Tested-by would be helpful ...
>>>
>>> @Stefano, @Fabio:
command can be only executed in closed devices, so
you need to run an authenticated U-Boot to prepare an encrypted boot
image.
Let us know if you have any questions during the process.
Thanks,
Breno Lima
>
> Saverio M.
>
> Il 19/01/2018 18:54, Breno Matheus Lima ha scritto:
Hi Saverio,
2018-01-19 11:12 GMT-02:00 Saverio Mori :
> Hi to the community. I have found a lot of material on secure booting and how
> to sign u-boot an uimage in order to that only trusted sw is load. This is
> good for my but i have also the opposite problem, that is
Hi Fabio,
2018-01-21 15:57 GMT-02:00 Fabio Estevam :
> From: Fabio Estevam
>
> The original text is from the time that the config options were not
> converted to Kconfig.
>
> After the conversion to Kconfig only CONFIG_SECURE_BOOT and
>
s the reliance on authenticate_image() returning
> zero is maintained.
>
> Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
> Suggested-by: Breno Matheus Lima <brenomath...@gmail.com>
> Cc: Stefano Babic <sba...@denx.de>
> Cc: Fabio Estevam <fabio.este...@
Hi Anatolij,
2018-01-11 12:54 GMT-02:00 Fabio Estevam :
> Hi Anatolij,
>
> Thanks for the fix.
>
> On Thu, Jan 11, 2018 at 12:14 PM, Anatolij Gustschin wrote:
>> HW accelerated "hash sha256 ..." command doesn't work on i.MX6UL, we get
>> "CAAM was not setup
..@aribaud.net>
> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com>
> Cc: George McCollister <george.mccollis...@gmail.com>
> Cc: Breno Matheus Lima <brenomath...@gmail.com>
> ---
> arch/arm/mach-imx/hab.c | 138
>
ticate_image() - Breno
>>
>> - Added Tested-by: Breno Matheus Lima <brenomath...@gmail.com>
>> as indicated for remainder 24/25 patches
>>
>> - Added Reviewed-by: Fabio Estevam <fabio.este...@nxp.com>
>> as indicated for remainder 24/25 patches
&g
2018-02-15 12:41 GMT-02:00 Fabio Estevam :
> Commit d695d6627803 ("spl: eMMC/SD: Provide one __weak spl_boot_mode()
> function") breaks the boot on several i.MX6 boards,
> such as cuboxi and wandboard:
>
> U-Boot SPL 2018.03-rc1-00212-g48914fc119 (Feb 10 2018 - 11:04:33
Hi Bryan,
2017-12-27 10:25 GMT-02:00 Bryan O'Donoghue :
> This patchset updates the i.MX HAB layer in u-boot to fix a list of
> identified issues and then to add and extend existing functionality.
>
> The first block of patches 0001-0006 deal with fixing existing code,
Hi Fabio,
2018-01-01 22:16 GMT-02:00 Fabio Estevam :
> From: Fabio Estevam
>
> Since commit 051ba9e082f7 ("Kconfig: mx6ull: Deselect MX6UL from
> CONFIG_MX6ULL") CONFIG_MX6ULL does not select CONFIG_MX6UL anymore, so
> take this into consideration in
Hi Bryan,
2018-01-02 14:43 GMT-02:00 Bryan O'Donoghue :
> The i.MX6 has some pretty explicit code associated with informing the IROM
> about flushing caches during authenticate_image().
>
> Looking at various pieces of documentation its pretty clear the i.MX6 IROM
>
gt; v2:
> - Fix compilation warnings and errors in SPL highlighted by
> Breno Matheus Lima
>
> - Add CC: Breno Matheus Lima <brenomath...@gmail.com> to all patches
>
> v1:
> This patchset updates the i.MX HAB layer in u-boot to fix a list of
> identified
Hi Clemens,
2017-12-20 20:08 GMT-02:00 Clemens Gruber :
> The blob_encap and blob_decap functions were not flushing the dcache
> before passing data to CAAM/DMA and not invalidating the dcache when
> getting data back.
> Therefore, blob encapsulation and decapsulation
Hi Bryan,
2017-12-27 10:25 GMT-02:00 Bryan O'Donoghue :
> The IVT header contains a magic number, fixed length and one of two version
> identifiers. Validate these settings before doing anything with a putative
> IVT binary.
>
> Signed-off-by: Bryan O'Donoghue
from Fabio Estevam can be also helpful:
https://lists.denx.de/pipermail/u-boot/2018-January/317847.html
Thanks,
Breno Lima
> All The Best,
>
> Saverio
>
> Il 20/01/2018 16:00, Breno Matheus Lima ha scritto:
>> Hi Saveiro,
>>
>> 2018-01-19 16:45 GMT-02:00 Saver
Hi All,
2018-03-12 13:07 GMT-03:00 Tom Rini <tr...@konsulko.com>:
> On Sun, Mar 11, 2018 at 03:36:16PM +0100, Stefano Babic wrote:
>> Hi Everybody,
>>
>> I have applied 1-2 as Fabio suggested. I have a couple of comments for
>> this, too:
>>
>>
Hi Bryan,
2018-03-09 14:35 GMT-03:00 Bryan O'Donoghue :
> This patch adds hab_auth_img_or_fail() a command line function that
> encapsulates a common usage of authenticate and failover, namely if
> authenticate image fails, then drop to BootROM USB recovery mode.
>
>
Hi Bryan,
2018-03-09 14:35 GMT-03:00 Bryan O'Donoghue :
> Subsequent patches will want to include hab.h but in doing so include it on
> an assembly compile path causing a range of compile errors. Fix the errors
> pre-emptively by encasing the majority of the
Hi Bryan,
2018-03-09 14:35 GMT-03:00 Bryan O'Donoghue :
> This patch adds IVT_PAD_SIZE at 0xC00. The IVT header is padded to this
> size. Defining the size explicitly makes it possible to use the define to
> locate the start/end of an IVT header without using magic
Hi Bryan,
2018-03-09 14:35 GMT-03:00 Bryan O'Donoghue :
> This patch takes a given address applies a plus or minus offset to locate
> the putative address of an IVT given a non-IVT link location.
>
> It then sets hab_ivt_address to allow for further logic/scripting
Hi Bryan,
2018-03-09 10:07 GMT-03:00 Bryan O'Donoghue :
> commit 8c4037a09a5c ("imx: hab: Ensure the IVT DCD pointer is Null prior
> to calling HAB authenticate function.") makes the DCD field being NULL a
> dependency.
>
> This change though will break loading and
Hi Fabio,
2018-03-08 17:40 GMT-03:00 Fabio Estevam :
> From: Fabio Estevam
>
> Sometimes imximage throws the following error:
>
> CFGSboard/freescale/vf610twr/imximage.cfg.cfgtmp
> CFGSboard/freescale/vf610twr/imximage.cfg.cfgtmp
> MKIMAGE
Hi Bryan,
2018-04-02 19:42 GMT-03:00 Bryan O'Donoghue :
> setexpr allows us to do arithmetic for env variables - something that is
> both useful and required when doing HAB authentication without hard-coding
> HAB load addresses.
>
> Enable setexpr in the secure
Hi Bryan,
2018-04-02 19:42 GMT-03:00 Bryan O'Donoghue :
> In order to sign images with the IMX code-signing-tool (CST) we need to
> know the load address of a given image. The best way to derive this load
> address is to make it into a define - so that u-boot.cfg
Hi Bryan,
2018-04-02 19:42 GMT-03:00 Bryan O'Donoghue :
> Right now a region of 0x30 bytes is allocated at the end of DRAM for
> the purposes of loading an OPTEE firmware inside of it. This patch adds the
> printout of the relevant address ranges.
>
>
Hi Bryan,
2018-04-02 19:42 GMT-03:00 Bryan O'Donoghue :
> This patch enables CONFIG_BOOTM_TEE. Once enabled its possible to
> chain-load Linux through OPTEE.
>
> Loading kernel to 0x8080
> => run loadimage
>
> Load FDT to 0x8300
> => run loadfdt
>
> Load OPTEE
accept the range provided and flush.
>
> A similar action should be taken for the begin address of a cache flush
> operation. The load address may not be aligned to a cache-line boundary, so
> ensure the passed address is aligned.
>
> Signed-off-by: Bryan O'Donoghue <bryan.odonog...
Hi Bryan,
2018-04-13 12:31 GMT-03:00 Bryan O'Donoghue :
> https://git.linaro.org/landing-teams/working/mbl/u-boot.git/log/?h=linaro-mbl%2bbod
>
> v3:
> - Reword commit message of patch #16 - Breno
>
> - This patchset now relies on five in-flight patch-sets the first
Hi All,
2018-03-27 19:44 GMT-03:00 Breno Matheus Lima <brenomath...@gmail.com>:
> Hi Bryan,
>
> 2018-03-26 11:11 GMT-03:00 Bryan O'Donoghue <bryan.odonog...@linaro.org>:
>> This patch adds hab_auth_img_or_fail() a command line function that
>> encapsulat
inaro.org>; Utkarsh Gupta <utkarsh.gu...@nxp.com>; Breno
Matheus Lima <breno.l...@nxp.com>
Subject: [PATCH v3 1/2] imximage: Encase majority of header in __ASSEMBLY__
declaration
Subsequent patches will want to include imageimage.h but in doing so include it
on an assembly comp
inaro.org>; Utkarsh Gupta <utkarsh.gu...@nxp.com>; Breno
Matheus Lima <breno.l...@nxp.com>
Subject: [PATCH v3 2/2] imx: hab: Provide hab_auth_img_or_fail command
This patch adds hab_auth_img_or_fail() a command line function that
encapsulates a common usage of authentic
Hi Bryan,
2018-03-26 11:11 GMT-03:00 Bryan O'Donoghue :
> This patch adds hab_auth_img_or_fail() a command line function that
> encapsulates a common usage of authenticate and failover, namely if
> authenticate image fails, then drop to BootROM USB recovery mode.
>
>
Hi Rasmus,
2018-03-02 10:36 GMT-03:00 Rasmus Villemoes :
> The current makefile logic disables creation of the
> SPL.log/u-boot-ivt.img.log etc. files when V=1 is given on the command
> line, the rationale presumably being that the user wants and gets the
> information
Hi All,
2018-03-23 8:08 GMT-03:00 Rasmus Villemoes :
> The current makefile logic disables creation of the
> SPL.log/u-boot-ivt.img.log etc. files when V=1 is given on the command
> line, the rationale presumably being that the user wants and gets the
> information on
Hi Rasmus,
2018-03-23 9:40 GMT-03:00 Fabio Estevam :
> On Fri, Mar 23, 2018 at 8:08 AM, Rasmus Villemoes
> wrote:
>> The u-boot-ivt.img.log file contains 0x prefixes in the HAB Blocks line,
>> while the SPL.log does not. For consistency, and to
Hi All,
My bad, I have commented in the wrong patch, my intention was to
comment in [PATCH 1/2] Makefile: always preserve output for images
that can contain HAB Blocks.
Thanks,
Breno Lima
2018-03-24 19:06 GMT-03:00 Breno Matheus Lima <brenomath...@gmail.com>:
> Hi Rasmus,
>
> 2
Hi Bryan,
2018-03-31 17:04 GMT-03:00 Bryan O'Donoghue :
> Booting the following image with tip-of-tree we get a CAAM DECO error (and
> subsequent crash due to a kernel bug in 4.1).
>
> http://freescale.github.io/#download -> BoardsWaRPboard community - WaRP -
>
Hi Bryan,
2018-03-17 8:06 GMT-03:00 Bryan O'Donoghue <bryan.odonog...@linaro.org>:
>
>
> On 15/03/18 16:54, Breno Matheus Lima wrote:
>>
>> Hi Bryan,
>>
>> 2018-03-09 14:35 GMT-03:00 Bryan O'Donoghue <bryan.odonog...@linaro.org>:
>>>
>
Hi Michael,
Em sex, 2 de nov de 2018 às 19:12, Michael Heimpold escreveu:
>
> Signed-off-by: Michael Heimpold
Reviewed-by: Breno Lima
Thanks,
Breno Lima
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
Hi Michael,
Em sex, 2 de nov de 2018 às 19:12, Michael Heimpold escreveu:
>
> This fixes two small typos in mxsimage.txt.
>
> Signed-off-by: Michael Heimpold
Reviewed-by: Breno Lima
Thanks,
Breno Lima
___
U-Boot mailing list
U-Boot@lists.denx.de
There is no need to have README in all i.MX documents name.
Remove README from i.MX docs name and add .txt file extension.
Signed-off-by: Breno Lima
Reviewed-by: Ye Li
---
doc/imx/common/{README.imx25 => imx25.txt}| 0
doc/imx/common/{README.imx27 => imx27.txt}| 0
This patch set is restructuring and cleaning up the current i.MX documentation
included in the U-Boot doc directory.
The current i.MX documentation is in the root directory so we cannot easily
check which one is i.MX related:
http://git.denx.de/?p=u-boot/u-boot-imx.git;a=tree;f=doc;
This series
The following documents describe device details according to the
i.MX family:
- README.imx25
- README.imx27
- README.imx5
- README.imx6
- README.mxs
Move all device common related document to doc/imx/common for a better
directory structure.
Signed-off-by: Breno Lima
---
doc/imx/{ =>
Currently the U-Boot doc/ directory contains the following files
that are only relevant for i.MX devices:
- doc/README.imx25
- doc/README.imx27
- doc/README.imx5
- doc/README.imx6
- doc/README.imximage
- doc/README.mxc_hab
- doc/README.mxs
- doc/README.mxsimage
- doc/README.sdp
Move all content
The following documents describe the image type used by the mkimage
tool to generate U-Boot images for i.MX devices.
- README.imximage
- README.mxsimage
Move all mkimage related document to doc/imx/mkimage for a better
directory structure.
Signed-off-by: Breno Lima
---
doc/imx/{ =>
The current High Assurance Boot document README.mxc_hab
include details for the following features in a single file:
- HAB Secure Boot
- HAB Encrypted Boot
Split HAB documentation in a specific directory for a cleaner
documentation structure, subsequent patches will include more
content in HAB
Currently the Serial Download Protocol tools and procedure are
documented in two places:
- doc/imx/README.sdp
- doc/imx/README.imx6
It is better to consolidate all SDP related information into
README.sdp file, so move the content from README.imx6 to
README.sdp.
Signed-off-by: Breno Lima
---
The Serial Download Protocol feature is availible in various
i.MX SoCs.
Move README.sdp document to imx/misc directory.
Signed-off-by: Breno Lima
---
doc/imx/{ => misc}/README.sdp | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename doc/imx/{ => misc}/README.sdp (100%)
diff --git
Hi Peng,
I'm not being able to boot U-Boot v2019.01 on my i.MX8QXP B0 MEK board
by following README file (board/freescale/imx8qxp_mek/README).
After reverting commit f7e475db4011("tools: imx8image: set dcd_skip to
true") everything seems to be working fine.
Do you happen to know if the
Hi Peng,
Em qua, 16 de jan de 2019 às 23:33, Peng Fan escreveu:
>
> Hi Breno,
>
> > -Original Message-
> > From: Breno Matheus Lima [mailto:brenomath...@gmail.com]
> > Sent: 2019年1月17日 9:04
> > To: Peng Fan ; Breno Matheus Lima
> >
> > Cc: Fa
Hi Peng,
Em qua, 16 de jan de 2019 às 23:48, Peng Fan escreveu:
>
>
>
> > -Original Message-
> > From: Breno Matheus Lima [mailto:brenomath...@gmail.com]
> > Sent: 2019年1月17日 9:42
> > To: Peng Fan
> > Cc: Breno Matheus Lima ; Fabio Esteva
Hi Fabio,
Em sex, 18 de jan de 2019 às 11:00, Fabio Estevam escreveu:
>
> This reverts commit f7e475db4011d18b4ae974154eb022c3af6a4d16.
>
> This commit breaks the boot on imx8qxp evk and it should only
> be re-applied after imx8qxp evk is converted to SPL.
>
> Revert it for now, so that imx8qxp
The HABv4 is supported in i.MX50, i.MX53, i.MX6, i.MX7,
series and i.MX 8M, i.MX8MM devices.
Add an introductory document containing the following topics:
- HABv4 Introduction
- HABv4 Secure Boot
- HABv4 Encrypted Boot
- HAB PKI tree generation
- HAB Fast Authentication PKI tree generation
- SRK
Add HABv4 documentation for non-SPL targets covering the
following topics:
- How to sign an securely boot an u-boot-dtb.imx image.
- How to extend the root of trust for additional boot images.
- Add 3 CSF examples.
- Add IVT generation script example.
Reviewed-by: Ye Li
Reviewed-by: Utkarsh
The current U-Boot implementation includes SPL targets for
some NXP development boards:
- mx6sabreauto_defconfig
- mx6sabresd_defconfig
- mx6ul_14x14_evk_defconfig
- mx6ul_9x9_evk_defconfig
Add additional steps needed to completly secure the
bootloader image.
Signed-off-by: Breno Lima
---
Hi All,
This series is improving the current HABv4 U-Boot documentation
for iMX6 and iMX7 families devices.
The patch set is adding a complete step-by-step procedure on how to
securely boot an U-Boot image using HABv4:
habv4
├── csf_examples
│ ├── additional_images
│ │ └──
There is no need to have an extra hab directory under doc/imx/.
Habv4 and AHAB documentation can be added directly in doc/imx/ for a
cleaner documentation structure.
Signed-off-by: Breno Lima
---
doc/imx/{hab => }/habv4/encrypted_boot.txt | 0
doc/imx/{hab => }/habv4/secure_boot.txt| 0
2
The secure_boot.txt guide was replaced by mx6_mx7_secure_boot.txt and
mx6_mx7_spl_secure_boot.txt documents.
Both documents covers all steps needed for SPL and non-SPL tagets,
so remove secure_boot.txt file to avoid duplicated content.
Signed-off-by: Breno Lima
---
All guides are currently located at doc/imx/habv4/guides/ directory.
Move encrypted_boot.txt document to guides directory.
Signed-off-by: Breno Lima
---
doc/imx/habv4/{ => guides}/encrypted_boot.txt | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename doc/imx/habv4/{ =>
The following NXP application notes and manual recommend to ensure the
IVT DCD pointer is Null prior to calling HAB API authenticate_image()
function:
- AN12263: HABv4 RVT Guidelines and Recommendations
- AN4581: Secure Boot on i.MX50, i.MX53, i.MX 6 and i.MX7 Series using
HABv4
- CST docs:
Hi Parthiban,
Em ter, 6 de nov de 2018 às 14:42, Parthiban Nallathambi
escreveu:
>
> Current implementation of hab_auth_img command needs ivt_offset to
> authenticate the image. But ivt header is placed at the end of image
> date after padding.
>
> This leaves the usage of hab_auth_img command
Hi Parthiban,
Em qua, 21 de nov de 2018 às 18:47, Parthiban Nallathambi
escreveu:
>
> Hi Breno,
>
> On 11/21/18 7:42 PM, Breno Matheus Lima wrote:
> > Hi Parthiban,
> >
> > Em qua, 21 de nov de 2018 às 15:52, Parthiban Nallathambi
> > escreveu:
> >&
Hi Parthiban,
Em qua, 21 de nov de 2018 às 15:52, Parthiban Nallathambi
escreveu:
>
> Hi Breno,
>
> On 11/21/18 5:45 PM, Breno Matheus Lima wrote:
> > Hi Parthiban,
> >
> > Em qua, 21 de nov de 2018 às 11:50, Parthiban Nallathambi
> > escreveu:
> >>
Hi Parthiban,
Em qua, 21 de nov de 2018 às 11:50, Parthiban Nallathambi
escreveu:
>
> Current implementation of hab_auth_img command needs ivt_offset to
> authenticate the image. But ivt header is placed at the end of image
> date after padding.
>
> This leaves the usage of hab_auth_img command
Commit 22191ac35344 ("drivers/crypto/fsl: assign job-rings to
non-TrustZone") breaks HABv4 encrypted boot support in the
following i.MX devices:
- i.MX6UL
- i.MX7S
- i.MX7D
- i.MX7ULP
For preparing a HABv4 encrypted boot image it's necessary to
encapsulate the generated DEK in a blob. In
Hi Bryan,
Em dom, 7 de abr de 2019 às 05:05, Bryan O'Donoghue
escreveu:
>
>
>
> On 06/04/2019 22:41, Breno Matheus Lima wrote:
> > Hi Bryan,
> >
> > Em sáb, 6 de abr de 2019 às 12:21, Bryan O'Donoghue
> > escreveu:
> >>
> >>
&
The secure_boot.txt guide was replaced by mx6_mx7_secure_boot.txt and
mx6_mx7_spl_secure_boot.txt documents.
Both documents covers all steps needed for SPL and non-SPL tagets,
so remove secure_boot.txt file to avoid duplicated content.
Signed-off-by: Breno Lima
---
Hi Stefano,
Em sex, 15 de fev de 2019 às 09:57, Stefano Babic escreveu:
>
> On 23/01/19 20:30, Breno Matheus Lima wrote:
> > The secure_boot.txt guide was replaced by mx6_mx7_secure_boot.txt and
> > mx6_mx7_spl_secure_boot.txt documents.
> >
> > Both documents c
Hi Stefano,
Em qui, 31 de jan de 2019 às 11:21, Stefano Babic escreveu:
>
> Hi Breno,
>
> On 31/01/19 14:16, Breno Matheus Lima wrote:
> > Hi Peng,
> >
> > I'm trying to build imx8mq_evk_defconfig target by following the
> > README file under board/frees
,
Breno Lima
--
Breno Matheus Lima
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
Hi Bryan,
Seems that my last email didn't get in U-Boot mailing list, I'm sending again.
Em sáb, 6 de abr de 2019 às 12:21, Bryan O'Donoghue
escreveu:
>
>
>
> On 05/04/2019 17:16, Breno Matheus Lima wrote:
> > + if ((IS_ENABLED(CONFIG_OPTEE) ||
> >
Hi Bryan,
Em sáb, 6 de abr de 2019 às 12:21, Bryan O'Donoghue
escreveu:
>
>
>
> On 05/04/2019 17:16, Breno Matheus Lima wrote:
> > + if ((IS_ENABLED(CONFIG_OPTEE) ||
> > + !IS_ENABLED(CONFIG_ARMV7_BOOT_SEC_DEFAULT)) &&
> > + !IS
Commit ad7061ed742e ("doc: Move device tree bindings documentation to
doc/device-tree-bindings") moved all device tree binding documentation
to doc/device-tree-bindings directory.
The current U-Boot project still have two documentation directories:
- doc/
- Documentation/
Move all
Commit 22191ac35344 ("drivers/crypto/fsl: assign job-rings to
non-TrustZone") breaks HABv4 encrypted boot support in the
following i.MX devices:
- i.MX6UL
- i.MX7S
- i.MX7D
- i.MX7ULP
For preparing a HABv4 encrypted boot image it's necessary to
encapsulate the generated DEK in a blob. In
Hi Sjoerd,
Em seg, 17 de jun de 2019 às 11:26, Sjoerd Simons
escreveu:
>
> On Tue, 2019-06-04 at 18:56 -0300, Fabio Estevam wrote:
> > On Tue, Jun 4, 2019 at 5:41 PM Sjoerd Simons
> > wrote:
>
> > We have been using imx_usb_loader for a long time. After DM / fit
> > comvesion the IVT piece is
Secure boot is not enabled in mx6sxsabresd imximage.cfg, add support
for it.
Signed-off-by: Breno Lima
---
board/freescale/mx6sxsabresd/imximage.cfg | 7 +++
1 file changed, 7 insertions(+)
diff --git a/board/freescale/mx6sxsabresd/imximage.cfg
b/board/freescale/mx6sxsabresd/imximage.cfg
Hi Bryan,
Em ter, 30 de abr de 2019 às 05:13, Bryan O'Donoghue
escreveu:
>
>
>
> On 30/04/2019 02:28, Bryan O'Donoghue wrote:
> >
> >
> > On 25/04/2019 04:24, Breno Matheus Lima wrote:
> >> I couldn't get encrypted boot working in my first attempt, doing th
According to hab.c code we have to notify the ROM code if the MMU is
enabled or not. This is achieved by setting the "pu_irom_mmu_enabled"
to 0x1.
The current address in hab.c code is wrong for i.MX6SL, according to ROM
map file the correct address is 0x00901c60.
As we are writing in the wrong
e") reverted works fine.
I will take a better look in your patch set and let you know if I find
something.
Best Regards,
Breno Matheus Lima
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
Hi Bryan,
Em ter, 23 de abr de 2019 às 07:20, Bryan O'Donoghue
escreveu:
>
> We need to handle the case where DEK blobs are passed to the BootROM. In
> this case, unlike in HAB authentication the BootROM checks job-ring
> ownership set to secure world.
>
> One possible solution is to set the
In certain i.MX devices the encrypted boot image is failing to boot.
According to AN12056 "Encrypted Boot on HABv4 and CAAM Enabled Devices"
it's necessary to pad CSF to 0x2000 and append DEK blob.
In this case the total image size in boot data structure must cover the
entire binary otherwise
Hi Jon,
Em qua, 28 de ago de 2019 às 09:49, Jon Szymaniak
escreveu:
>
> Hello all,
>
> I'd like to get U-Boot >= 2019.07 booting on a Wandboard Quad with HAB
> support enabled, but appear to be running into either some regressions
> (or matters of PEBKAC). For the scope of this discussion, I'm
Hi Peng,
Em qua, 11 de set de 2019 às 22:07, Peng Fan escreveu:
>
> Hi Breno,
>
> > Subject: [PATCH 2/4] habv4: tools: Avoid hardcoded CSF size for SPL targets
>
> I saw this patch in imx/master, not in Tom's tree. But this patch breaks
> build for other archs, such as arc and etc.
>
Thanks for
Hi Stefano,
Em seg, 16 de set de 2019 às 05:17, Stefano Babic escreveu:
>
> Hi Breno,
>
> On 12/09/19 03:07, Peng Fan wrote:
> > Hi Breno,
> >
> >> Subject: [PATCH 2/4] habv4: tools: Avoid hardcoded CSF size for SPL targets
> >
> > I saw this patch in imx/master, not in Tom's tree. But this
g from NAND the DCD table is not loaded in OCRAM so that
shouldn't be a problem. The DCD is loaded in OCRAM when booting via
USB OTG using the serial download protocol, you can have more details
in link below:
https://github.com/NXPmicro/mfgtools/wiki/UUU-default-support-protocol-list#habv4-
HI Stefano and Jagan,
Em qua, 18 de set de 2019 às 04:59, Stefano Babic escreveu:
>
> Hi Jagan, Breno,
>
> On 17/09/19 09:13, Jagan Teki wrote:
> > Hi Breno,
> >
> > On Thu, Jul 18, 2019 at 6:06 PM Breno Matheus Lima
> > wrote:
> >>
> >>
Move CONFIG_CSF_SIZE to Kconfig and define default value as 0x4000.
mx8mqevk requires 0x2000 add this configuration in imx8mq_evk_defconfig
file.
Signed-off-by: Breno Lima
---
arch/arm/mach-imx/Kconfig | 7 +++
configs/imx8mq_evk_defconfig | 1 +
include/configs/cl-som-imx7.h | 1 -
This patch set is improving the HAB support for targets that are using
IH_TYPE_FIRMWARE_IVT image type.
Patch 0001 is migrating CONFIG_CSF_SIZE to Kconfig so value can be
configurable and used by U-Boot tools.
Patch 0002 is fixing secure boot support for targets using
IH_TYPE_FIRMWARE_IVT image
Currently it's not possible to authenticate the U-Boot proper of
mx6ul_14x14_evk_defconfig target:
Authenticate image from DDR location 0x877fffc0...
bad magic magic=0x0 length=0x00 version=0x3
bad length magic=0x0 length=0x00 version=0x3
bad version magic=0x0 length=0x00 version=0x3
spl: ERROR:
In case CONFIG_SECURE_BOOT is enabled we need to limit the SPL size to
avoid a possible HAB failure event:
- HAB Event 1 -
event data:
0xdb 0x00 0x14 0x42 0x33 0x22 0x33 0x00
0x00 0x00 0x00 0x0f 0x00 0x90 0x70 0x00
0x00 0x01 0x10 0x00
STS =
Since commit 6e1f4d2652e7 ("arm: imx-common: add SECURE_BOOT option
to Kconfig") the SECURE_BOOT option is selected through Kconfig.
Cleanup comments in code to align with this change.
Signed-off-by: Breno Lima
---
include/configs/cl-som-imx7.h | 3 ---
include/configs/mx7ulp_evk.h | 3 ---
2
Currently it's not possible to boot mx6ulevk board using
imx_usb_loader tool:
U-Boot SPL 2018.03 (Jul 18 2019 - 10:05:17 -0300)
SPL: Unsupported Boot Device!
SPL: failed to boot from all boot devices
Enable necessary configuration in defconfig file.
Signed-off-by: Breno Lima
---
1 - 100 of 110 matches
Mail list logo