Hi Eric, all, On Tue, Aug 23, 2016 at 05:35:14PM -0700, Eric Nelson wrote: > Hi Gary, > > On 08/23/2016 02:55 PM, Gary Bisson wrote: > > Selecting the proper options to enable the build of the HAB tools. > > > > Also adding a CSF section to the imx final image so it can contain > > the signature information. > > > > Note, this support is disabled by default, one will have to select > > the SECURE_BOOT configuration through menuconfig to enable it. > > > > Signed-off-by: Gary Bisson <gary.bis...@boundarydevices.com> > > --- > > board/boundary/nitrogen6x/nitrogen6dl.cfg | 3 +++ > > board/boundary/nitrogen6x/nitrogen6dl2g.cfg | 3 +++ > > board/boundary/nitrogen6x/nitrogen6q.cfg | 3 +++ > > board/boundary/nitrogen6x/nitrogen6q2g.cfg | 3 +++ > > board/boundary/nitrogen6x/nitrogen6s.cfg | 3 +++ > > board/boundary/nitrogen6x/nitrogen6s1g.cfg | 3 +++ > > include/configs/nitrogen6x.h | 9 +++++++++ > > 7 files changed, 27 insertions(+) > > > > diff --git a/board/boundary/nitrogen6x/nitrogen6dl.cfg > > b/board/boundary/nitrogen6x/nitrogen6dl.cfg > > index 1cdccad..5c3e961 100644 > > --- a/board/boundary/nitrogen6x/nitrogen6dl.cfg > > +++ b/board/boundary/nitrogen6x/nitrogen6dl.cfg > > @@ -20,6 +20,9 @@ BOOT_FROM spi > > > > #define __ASSEMBLY__ > > #include <config.h> > > +#ifdef CONFIG_SECURE_BOOT > > +CSF CONFIG_CSF_SIZE > > +#endif > > #include "asm/arch/mx6-ddr.h" > > #include "asm/arch/iomux.h" > > #include "asm/arch/crm_regs.h" > > diff --git a/board/boundary/nitrogen6x/nitrogen6dl2g.cfg > > b/board/boundary/nitrogen6x/nitrogen6dl2g.cfg > > index 516d67e..fe19ed0 100644 > > --- a/board/boundary/nitrogen6x/nitrogen6dl2g.cfg > > +++ b/board/boundary/nitrogen6x/nitrogen6dl2g.cfg > > @@ -20,6 +20,9 @@ BOOT_FROM spi > > > > #define __ASSEMBLY__ > > #include <config.h> > > +#ifdef CONFIG_SECURE_BOOT > > +CSF CONFIG_CSF_SIZE > > +#endif > > #include "asm/arch/mx6-ddr.h" > > #include "asm/arch/iomux.h" > > #include "asm/arch/crm_regs.h" > > diff --git a/board/boundary/nitrogen6x/nitrogen6q.cfg > > b/board/boundary/nitrogen6x/nitrogen6q.cfg > > index b6642e6..60e1885 100644 > > --- a/board/boundary/nitrogen6x/nitrogen6q.cfg > > +++ b/board/boundary/nitrogen6x/nitrogen6q.cfg > > @@ -20,6 +20,9 @@ BOOT_FROM spi > > > > #define __ASSEMBLY__ > > #include <config.h> > > +#ifdef CONFIG_SECURE_BOOT > > +CSF CONFIG_CSF_SIZE > > +#endif > > #include "asm/arch/mx6-ddr.h" > > #include "asm/arch/iomux.h" > > #include "asm/arch/crm_regs.h" > > diff --git a/board/boundary/nitrogen6x/nitrogen6q2g.cfg > > b/board/boundary/nitrogen6x/nitrogen6q2g.cfg > > index fe6dfc1..7a3ee94 100644 > > --- a/board/boundary/nitrogen6x/nitrogen6q2g.cfg > > +++ b/board/boundary/nitrogen6x/nitrogen6q2g.cfg > > @@ -20,6 +20,9 @@ BOOT_FROM spi > > > > #define __ASSEMBLY__ > > #include <config.h> > > +#ifdef CONFIG_SECURE_BOOT > > +CSF CONFIG_CSF_SIZE > > +#endif > > #include "asm/arch/mx6-ddr.h" > > #include "asm/arch/iomux.h" > > #include "asm/arch/crm_regs.h" > > diff --git a/board/boundary/nitrogen6x/nitrogen6s.cfg > > b/board/boundary/nitrogen6x/nitrogen6s.cfg > > index ca30cd6..2540b7b 100644 > > --- a/board/boundary/nitrogen6x/nitrogen6s.cfg > > +++ b/board/boundary/nitrogen6x/nitrogen6s.cfg > > @@ -20,6 +20,9 @@ BOOT_FROM spi > > > > #define __ASSEMBLY__ > > #include <config.h> > > +#ifdef CONFIG_SECURE_BOOT > > +CSF CONFIG_CSF_SIZE > > +#endif > > #include "asm/arch/mx6-ddr.h" > > #include "asm/arch/iomux.h" > > #include "asm/arch/crm_regs.h" > > diff --git a/board/boundary/nitrogen6x/nitrogen6s1g.cfg > > b/board/boundary/nitrogen6x/nitrogen6s1g.cfg > > index b1489fb..946af7b 100644 > > --- a/board/boundary/nitrogen6x/nitrogen6s1g.cfg > > +++ b/board/boundary/nitrogen6x/nitrogen6s1g.cfg > > @@ -20,6 +20,9 @@ BOOT_FROM spi > > > > #define __ASSEMBLY__ > > #include <config.h> > > +#ifdef CONFIG_SECURE_BOOT > > +CSF CONFIG_CSF_SIZE > > +#endif > > #include "asm/arch/mx6-ddr.h" > > #include "asm/arch/iomux.h" > > #include "asm/arch/crm_regs.h" > > diff --git a/include/configs/nitrogen6x.h b/include/configs/nitrogen6x.h > > index b651eb3..3281e42 100644 > > --- a/include/configs/nitrogen6x.h > > +++ b/include/configs/nitrogen6x.h > > @@ -35,6 +35,15 @@ > > #define CONFIG_SF_DEFAULT_MODE (SPI_MODE_0) > > #endif > > > > +/* Secure boot (HAB) support */ > > +#ifdef CONFIG_SECURE_BOOT > > +#define CONFIG_CSF_SIZE 0x2000 > > +#define CONFIG_SYS_FSL_SEC_COMPAT 4 > > +#define CONFIG_FSL_CAAM > > +#define CONFIG_CMD_DEKBLOB > > +#define CONFIG_SYS_FSL_SEC_LE > > +#endif > > + > > I agree with the comment in your cover letter, that this belongs > in a common place.
Does Fabio agree with that? Also, should we differenciate the options needed for signature only (SECURE_BOOT and CSF_SIZE) to the other that are only useful when encryption is needed. Regards, Gary _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot