leandrof/u-boot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

imx: replace CONFIG_SECURE_BOOT with CONFIG_IMX_HAB

Browse Source 
CONFIG_SECURE_BOOT is too generic and forbids to use it for cross
architecture purposes. If Secure Boot is required for imx, this means to
enable and use the HAB processor in the soc.

Signed-off-by: Stefano Babic <sbabic@denx.de>
This commit is contained in:
Stefano Babic 2019-09-20 08:47:53 +02:00
parent c115cd154c
commit d714a75fd4
42 changed files with 49 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Makefile
View File

@ -830,10 +830,10 @@ ALL-$(CONFIG_RAMBOOT_PBL) += u-boot.pbl
endif endif
endif endif
ALL-$(CONFIG_SPL) += spl/u-boot-spl.bin ALL-$(CONFIG_SPL) += spl/u-boot-spl.bin
ifeq ($(CONFIG_MX6)$(CONFIG_SECURE_BOOT), yy) ifeq ($(CONFIG_MX6)$(CONFIG_IMX_HAB), yy)
ALL-$(CONFIG_SPL_FRAMEWORK) += u-boot-ivt.img ALL-$(CONFIG_SPL_FRAMEWORK) += u-boot-ivt.img
else else
ifeq ($(CONFIG_MX7)$(CONFIG_SECURE_BOOT), yy) ifeq ($(CONFIG_MX7)$(CONFIG_IMX_HAB), yy)
ALL-$(CONFIG_SPL_FRAMEWORK) += u-boot-ivt.img ALL-$(CONFIG_SPL_FRAMEWORK) += u-boot-ivt.img
else else
ALL-$(CONFIG_SPL_FRAMEWORK) += u-boot.img ALL-$(CONFIG_SPL_FRAMEWORK) += u-boot.img

4
arch/arm/Kconfig
View File

@ -812,7 +812,7 @@ config ARCH_MX7
select ARCH_MISC_INIT select ARCH_MISC_INIT
select BOARD_EARLY_INIT_F select BOARD_EARLY_INIT_F
select CPU_V7A select CPU_V7A
select SYS_FSL_HAS_SEC if SECURE_BOOT select SYS_FSL_HAS_SEC if IMX_HAB
select SYS_FSL_SEC_COMPAT_4 select SYS_FSL_SEC_COMPAT_4
select SYS_FSL_SEC_LE select SYS_FSL_SEC_LE
imply MXC_GPIO imply MXC_GPIO
@ -820,7 +820,7 @@ config ARCH_MX7
config ARCH_MX6 config ARCH_MX6
bool "Freescale MX6" bool "Freescale MX6"
select CPU_V7A select CPU_V7A
select SYS_FSL_HAS_SEC if SECURE_BOOT select SYS_FSL_HAS_SEC if IMX_HAB
select SYS_FSL_SEC_COMPAT_4 select SYS_FSL_SEC_COMPAT_4
select SYS_FSL_SEC_LE select SYS_FSL_SEC_LE
select SYS_THUMB_BUILD if SPL select SYS_THUMB_BUILD if SPL

2
arch/arm/include/asm/arch-mx7/clock.h
View File

@ -357,7 +357,7 @@ int set_clk_nand(void);
void enable_ocotp_clk(unsigned char enable); void enable_ocotp_clk(unsigned char enable);
#endif #endif
void enable_usboh3_clk(unsigned char enable); void enable_usboh3_clk(unsigned char enable);
#ifdef CONFIG_SECURE_BOOT #ifdef CONFIG_IMX_HAB
void hab_caam_clock_enable(unsigned char enable); void hab_caam_clock_enable(unsigned char enable);
#endif #endif
void mxs_set_lcdclk(uint32_t base_addr, uint32_t freq); void mxs_set_lcdclk(uint32_t base_addr, uint32_t freq);

2
arch/arm/include/asm/mach-imx/hab.h
View File

@ -130,7 +130,7 @@ struct imx_sec_config_fuse_t {
int word; int word;
}; };
#if defined(CONFIG_SECURE_BOOT) #if defined(CONFIG_IMX_HAB)
extern struct imx_sec_config_fuse_t const imx_sec_config_fuse; extern struct imx_sec_config_fuse_t const imx_sec_config_fuse;
#endif #endif

2
arch/arm/mach-imx/Kconfig
View File

@ -34,7 +34,7 @@ config USE_IMXIMG_PLUGIN
i.MX6/7 supports DCD and Plugin. Enable this configuration i.MX6/7 supports DCD and Plugin. Enable this configuration
to use Plugin, otherwise DCD will be used. to use Plugin, otherwise DCD will be used.
config SECURE_BOOT config IMX_HAB
bool "Support i.MX HAB features" bool "Support i.MX HAB features"
depends on ARCH_MX7 || ARCH_MX6 || ARCH_MX5 depends on ARCH_MX7 || ARCH_MX6 || ARCH_MX5
select FSL_CAAM if HAS_CAAM select FSL_CAAM if HAS_CAAM

4
arch/arm/mach-imx/Makefile
View File

@ -44,12 +44,12 @@ ifneq ($(CONFIG_SPL_BUILD),y)
obj-$(CONFIG_IMX_BOOTAUX) += imx_bootaux.o obj-$(CONFIG_IMX_BOOTAUX) += imx_bootaux.o
endif endif
obj-$(CONFIG_SATA) += sata.o obj-$(CONFIG_SATA) += sata.o
obj-$(CONFIG_SECURE_BOOT) += hab.o obj-$(CONFIG_IMX_HAB) += hab.o
obj-$(CONFIG_SYSCOUNTER_TIMER) += syscounter.o obj-$(CONFIG_SYSCOUNTER_TIMER) += syscounter.o
endif endif
ifeq ($(SOC),$(filter $(SOC),mx7ulp)) ifeq ($(SOC),$(filter $(SOC),mx7ulp))
obj-y += cache.o obj-y += cache.o
obj-$(CONFIG_SECURE_BOOT) += hab.o obj-$(CONFIG_IMX_HAB) += hab.o
endif endif
ifeq ($(SOC),$(filter $(SOC),vf610)) ifeq ($(SOC),$(filter $(SOC),vf610))
obj-y += ddrmc-vf610.o obj-y += ddrmc-vf610.o

2
arch/arm/mach-imx/imx8m/soc.c
View File

@ -22,7 +22,7 @@
DECLARE_GLOBAL_DATA_PTR; DECLARE_GLOBAL_DATA_PTR;
#if defined(CONFIG_SECURE_BOOT) #if defined(CONFIG_IMX_HAB)
struct imx_sec_config_fuse_t const imx_sec_config_fuse = { struct imx_sec_config_fuse_t const imx_sec_config_fuse = {
.bank = 1, .bank = 1,
.word = 3, .word = 3,

2
arch/arm/mach-imx/mx6/clock.c
View File

@ -1152,7 +1152,7 @@ int enable_pcie_clock(void)
} }
#endif #endif
#ifdef CONFIG_SECURE_BOOT #ifdef CONFIG_IMX_HAB
void hab_caam_clock_enable(unsigned char enable) void hab_caam_clock_enable(unsigned char enable)
{ {
u32 reg; u32 reg;

2
arch/arm/mach-imx/mx6/soc.c
View File

@ -50,7 +50,7 @@ U_BOOT_DEVICE(imx6_thermal) = {
}; };
#endif #endif
#if defined(CONFIG_SECURE_BOOT) #if defined(CONFIG_IMX_HAB)
struct imx_sec_config_fuse_t const imx_sec_config_fuse = { struct imx_sec_config_fuse_t const imx_sec_config_fuse = {
.bank = 0, .bank = 0,
.word = 6, .word = 6,

2
arch/arm/mach-imx/mx7/clock.c
View File

@ -1074,7 +1074,7 @@ void clock_init(void)
} }
} }
#ifdef CONFIG_SECURE_BOOT #ifdef CONFIG_IMX_HAB
void hab_caam_clock_enable(unsigned char enable) void hab_caam_clock_enable(unsigned char enable)
{ {
if (enable) if (enable)

2
arch/arm/mach-imx/mx7/soc.c
View File

@ -122,7 +122,7 @@ static void isolate_resource(void)
} }
#endif #endif
#if defined(CONFIG_SECURE_BOOT) #if defined(CONFIG_IMX_HAB)
struct imx_sec_config_fuse_t const imx_sec_config_fuse = { struct imx_sec_config_fuse_t const imx_sec_config_fuse = {
.bank = 1, .bank = 1,
.word = 3, .word = 3,

2
arch/arm/mach-imx/mx7ulp/clock.c
View File

@ -314,7 +314,7 @@ void clock_init(void)
enable_usboh3_clk(1); enable_usboh3_clk(1);
} }
#ifdef CONFIG_SECURE_BOOT #ifdef CONFIG_IMX_HAB
void hab_caam_clock_enable(unsigned char enable) void hab_caam_clock_enable(unsigned char enable)
{ {
if (enable) if (enable)

2
arch/arm/mach-imx/mx7ulp/soc.c
View File

@ -11,7 +11,7 @@
static char *get_reset_cause(char *); static char *get_reset_cause(char *);
#if defined(CONFIG_SECURE_BOOT) #if defined(CONFIG_IMX_HAB)
struct imx_sec_config_fuse_t const imx_sec_config_fuse = { struct imx_sec_config_fuse_t const imx_sec_config_fuse = {
.bank = 29, .bank = 29,
.word = 6, .word = 6,

2
arch/arm/mach-imx/spl.c
View File

@ -222,7 +222,7 @@ u32 spl_boot_mode(const u32 boot_device)
} }
#endif #endif
#if defined(CONFIG_SECURE_BOOT) #if defined(CONFIG_IMX_HAB)
/* /*
* +------------+ 0x0 (DDR_UIMAGE_START) - * +------------+ 0x0 (DDR_UIMAGE_START) -

2
arch/arm/mach-imx/spl_sd.cfg
View File

@ -12,6 +12,6 @@ BOOT_FROM sd
/* /*
* Secure boot support * Secure boot support
*/ */
#ifdef CONFIG_SECURE_BOOT #ifdef CONFIG_IMX_HAB
CSF CONFIG_CSF_SIZE CSF CONFIG_CSF_SIZE
#endif #endif

2
board/boundary/nitrogen6x/nitrogen6dl.cfg
View File

@ -19,7 +19,7 @@ BOOT_FROM spi
#define __ASSEMBLY__ #define __ASSEMBLY__
#include <config.h> #include <config.h>
#ifdef CONFIG_SECURE_BOOT #ifdef CONFIG_IMX_HAB
CSF CONFIG_CSF_SIZE CSF CONFIG_CSF_SIZE
#endif #endif
#include "asm/arch/mx6-ddr.h" #include "asm/arch/mx6-ddr.h"

2
board/boundary/nitrogen6x/nitrogen6dl2g.cfg
View File

@ -19,7 +19,7 @@ BOOT_FROM spi
#define __ASSEMBLY__ #define __ASSEMBLY__
#include <config.h> #include <config.h>
#ifdef CONFIG_SECURE_BOOT #ifdef CONFIG_IMX_HAB
CSF CONFIG_CSF_SIZE CSF CONFIG_CSF_SIZE
#endif #endif
#include "asm/arch/mx6-ddr.h" #include "asm/arch/mx6-ddr.h"

2
board/boundary/nitrogen6x/nitrogen6q.cfg
View File

@ -19,7 +19,7 @@ BOOT_FROM spi
#define __ASSEMBLY__ #define __ASSEMBLY__
#include <config.h> #include <config.h>
#ifdef CONFIG_SECURE_BOOT #ifdef CONFIG_IMX_HAB
CSF CONFIG_CSF_SIZE CSF CONFIG_CSF_SIZE
#endif #endif
#include "asm/arch/mx6-ddr.h" #include "asm/arch/mx6-ddr.h"

2
board/boundary/nitrogen6x/nitrogen6q2g.cfg
View File

@ -19,7 +19,7 @@ BOOT_FROM spi
#define __ASSEMBLY__ #define __ASSEMBLY__
#include <config.h> #include <config.h>
#ifdef CONFIG_SECURE_BOOT #ifdef CONFIG_IMX_HAB
CSF CONFIG_CSF_SIZE CSF CONFIG_CSF_SIZE
#endif #endif
#include "asm/arch/mx6-ddr.h" #include "asm/arch/mx6-ddr.h"

2
board/boundary/nitrogen6x/nitrogen6s.cfg
View File

@ -19,7 +19,7 @@ BOOT_FROM spi
#define __ASSEMBLY__ #define __ASSEMBLY__
#include <config.h> #include <config.h>
#ifdef CONFIG_SECURE_BOOT #ifdef CONFIG_IMX_HAB
CSF CONFIG_CSF_SIZE CSF CONFIG_CSF_SIZE
#endif #endif
#include "asm/arch/mx6-ddr.h" #include "asm/arch/mx6-ddr.h"

2
board/boundary/nitrogen6x/nitrogen6s1g.cfg
View File

@ -19,7 +19,7 @@ BOOT_FROM spi
#define __ASSEMBLY__ #define __ASSEMBLY__
#include <config.h> #include <config.h>
#ifdef CONFIG_SECURE_BOOT #ifdef CONFIG_IMX_HAB
CSF CONFIG_CSF_SIZE CSF CONFIG_CSF_SIZE
#endif #endif
#include "asm/arch/mx6-ddr.h" #include "asm/arch/mx6-ddr.h"

2
board/freescale/mx6slevk/imximage.cfg
View File

@ -24,7 +24,7 @@ BOOT_FROM sd
/* /*
* Secure boot support * Secure boot support
*/ */
#ifdef CONFIG_SECURE_BOOT #ifdef CONFIG_IMX_HAB
CSF CONFIG_CSF_SIZE CSF CONFIG_CSF_SIZE
#endif #endif

2
board/freescale/mx6sllevk/imximage.cfg
View File

@ -27,7 +27,7 @@ BOOT_FROM sd
PLUGIN board/freescale/mx6sllevk/plugin.bin 0x00907000 PLUGIN board/freescale/mx6sllevk/plugin.bin 0x00907000
#else #else
#ifdef CONFIG_SECURE_BOOT #ifdef CONFIG_IMX_HAB
CSF CONFIG_CSF_SIZE CSF CONFIG_CSF_SIZE
#endif #endif

2
board/freescale/mx6sxsabresd/imximage.cfg
View File

@ -20,7 +20,7 @@ BOOT_FROM sd
/* /*
* Secure boot support * Secure boot support
*/ */
#ifdef CONFIG_SECURE_BOOT #ifdef CONFIG_IMX_HAB
CSF CONFIG_CSF_SIZE CSF CONFIG_CSF_SIZE
#endif #endif

2
board/freescale/mx6ullevk/imximage.cfg
View File

@ -33,7 +33,7 @@ BOOT_FROM sd
PLUGIN board/freescale/mx6ullevk/plugin.bin 0x00907000 PLUGIN board/freescale/mx6ullevk/plugin.bin 0x00907000
#else #else
#ifdef CONFIG_SECURE_BOOT #ifdef CONFIG_IMX_HAB
CSF CONFIG_CSF_SIZE CSF CONFIG_CSF_SIZE
#endif #endif

2
board/freescale/mx7dsabresd/imximage.cfg
View File

@ -24,7 +24,7 @@ BOOT_FROM sd
/* /*
* Secure boot support * Secure boot support
*/ */
#ifdef CONFIG_SECURE_BOOT #ifdef CONFIG_IMX_HAB
CSF CONFIG_CSF_SIZE CSF CONFIG_CSF_SIZE
#endif #endif

2
board/freescale/mx7ulp_evk/imximage.cfg
View File

@ -27,7 +27,7 @@ BOOT_FROM sd
PLUGIN board/freescale/mx7ulp_evk/plugin.bin 0x2F020000 PLUGIN board/freescale/mx7ulp_evk/plugin.bin 0x2F020000
#else #else
#ifdef CONFIG_SECURE_BOOT #ifdef CONFIG_IMX_HAB
CSF CONFIG_CSF_SIZE CSF CONFIG_CSF_SIZE
#endif #endif
/* /*

2
board/toradex/colibri-imx6ull/imximage.cfg
View File

@ -25,7 +25,7 @@ BOOT_FROM nand
/* /*
* Secure boot support * Secure boot support
*/ */
#ifdef CONFIG_SECURE_BOOT #ifdef CONFIG_IMX_HAB
CSF CONFIG_CSF_SIZE CSF CONFIG_CSF_SIZE
#endif #endif

2
board/toradex/colibri_imx7/imximage.cfg
View File

@ -25,7 +25,7 @@ BOOT_FROM sd
/* /*
* Secure boot support * Secure boot support
*/ */
#ifdef CONFIG_SECURE_BOOT #ifdef CONFIG_IMX_HAB
CSF CONFIG_CSF_SIZE CSF CONFIG_CSF_SIZE
#endif #endif

2
board/warp/imximage.cfg
View File

@ -24,7 +24,7 @@ BOOT_FROM sd
/* /*
* Secure boot support * Secure boot support
*/ */
#ifdef CONFIG_SECURE_BOOT #ifdef CONFIG__IMX_HAB
CSF CONFIG_CSF_SIZE CSF CONFIG_CSF_SIZE
#endif #endif

2
board/warp7/imximage.cfg
View File

@ -12,7 +12,7 @@
#include <config.h> #include <config.h>
IMAGE_VERSION 2 IMAGE_VERSION 2
#ifdef CONFIG_SECURE_BOOT #ifdef CONFIG_IMX_HAB
CSF CONFIG_CSF_SIZE CSF CONFIG_CSF_SIZE
#endif #endif

2
board/warp7/warp7.c
View File

@ -146,7 +146,7 @@ int board_late_init(void)
*/ */
clrsetbits_le16(&wdog->wcr, 0, 0x10); clrsetbits_le16(&wdog->wcr, 0, 0x10);
#ifdef CONFIG_SECURE_BOOT #ifdef CONFIG_IMX_HAB
/* Determine HAB state */ /* Determine HAB state */
env_set_ulong(HAB_ENABLED_ENVNAME, imx_hab_is_enabled()); env_set_ulong(HAB_ENABLED_ENVNAME, imx_hab_is_enabled());
#else #else

2
common/spl/spl_fit.c
View File

@ -553,7 +553,7 @@ int spl_load_simple_fit(struct spl_image_info *spl_image,
spl_image->flags |= SPL_FIT_FOUND; spl_image->flags |= SPL_FIT_FOUND;
#ifdef CONFIG_SECURE_BOOT #ifdef CONFIG_IMX_HAB
board_spl_fit_post_load((ulong)fit, size); board_spl_fit_post_load((ulong)fit, size);
#endif #endif

2
configs/colibri_imx7_defconfig
View File

@ -2,7 +2,7 @@ CONFIG_ARM=y
CONFIG_SYS_THUMB_BUILD=y CONFIG_SYS_THUMB_BUILD=y
CONFIG_ARCH_MX7=y CONFIG_ARCH_MX7=y
CONFIG_SYS_TEXT_BASE=0x87800000 CONFIG_SYS_TEXT_BASE=0x87800000
CONFIG_SECURE_BOOT=y CONFIG_IMX_HAB=y
CONFIG_TARGET_COLIBRI_IMX7=y CONFIG_TARGET_COLIBRI_IMX7=y
CONFIG_NR_DRAM_BANKS=1 CONFIG_NR_DRAM_BANKS=1
CONFIG_IMX_RDC=y CONFIG_IMX_RDC=y

2
configs/colibri_imx7_emmc_defconfig
View File

@ -2,7 +2,7 @@ CONFIG_ARM=y
CONFIG_SYS_THUMB_BUILD=y CONFIG_SYS_THUMB_BUILD=y
CONFIG_ARCH_MX7=y CONFIG_ARCH_MX7=y
CONFIG_SYS_TEXT_BASE=0x87800000 CONFIG_SYS_TEXT_BASE=0x87800000
CONFIG_SECURE_BOOT=y CONFIG_IMX_HAB=y
CONFIG_TARGET_COLIBRI_IMX7=y CONFIG_TARGET_COLIBRI_IMX7=y
CONFIG_TARGET_COLIBRI_IMX7_EMMC=y CONFIG_TARGET_COLIBRI_IMX7_EMMC=y
CONFIG_ARMV7_BOOT_SEC_DEFAULT=y CONFIG_ARMV7_BOOT_SEC_DEFAULT=y

2
configs/imx6dl_mamoj_defconfig
View File

@ -1,7 +1,7 @@
CONFIG_ARM=y CONFIG_ARM=y
CONFIG_ARCH_MX6=y CONFIG_ARCH_MX6=y
CONFIG_SYS_TEXT_BASE=0x17800000 CONFIG_SYS_TEXT_BASE=0x17800000
CONFIG_SECURE_BOOT=y CONFIG_IMX_HAB=y
CONFIG_TARGET_MX6DL_MAMOJ=y CONFIG_TARGET_MX6DL_MAMOJ=y
CONFIG_NR_DRAM_BANKS=1 CONFIG_NR_DRAM_BANKS=1
CONFIG_CSF_SIZE=0x2060 CONFIG_CSF_SIZE=0x2060

2
configs/warp7_bl33_defconfig
View File

@ -1,7 +1,7 @@
CONFIG_ARM=y CONFIG_ARM=y
CONFIG_ARCH_MX7=y CONFIG_ARCH_MX7=y
CONFIG_SYS_TEXT_BASE=0x87800000 CONFIG_SYS_TEXT_BASE=0x87800000
CONFIG_SECURE_BOOT=y CONFIG_IMX_HAB=y
CONFIG_TARGET_WARP7=y CONFIG_TARGET_WARP7=y
CONFIG_ARMV7_BOOT_SEC_DEFAULT=y CONFIG_ARMV7_BOOT_SEC_DEFAULT=y
CONFIG_FIT=y CONFIG_FIT=y

2
configs/warp7_defconfig
View File

@ -1,7 +1,7 @@
CONFIG_ARM=y CONFIG_ARM=y
CONFIG_ARCH_MX7=y CONFIG_ARCH_MX7=y
CONFIG_SYS_TEXT_BASE=0x87800000 CONFIG_SYS_TEXT_BASE=0x87800000
CONFIG_SECURE_BOOT=y CONFIG_IMX_HAB=y
CONFIG_TARGET_WARP7=y CONFIG_TARGET_WARP7=y
CONFIG_NR_DRAM_BANKS=1 CONFIG_NR_DRAM_BANKS=1
CONFIG_ARMV7_BOOT_SEC_DEFAULT=y CONFIG_ARMV7_BOOT_SEC_DEFAULT=y

2
doc/imx/habv4/guides/encrypted_boot.txt
View File

@ -16,7 +16,7 @@ The DEK blob is generated by an authenticated U-Boot image with
the dek_blob cmd enabled. The image used for DEK blob generation the dek_blob cmd enabled. The image used for DEK blob generation
needs to have the following configurations enabled in Kconfig: needs to have the following configurations enabled in Kconfig:
CONFIG_SECURE_BOOT=y CONFIG_IMX_HAB=y
CONFIG_CMD_DEKBLOB=y CONFIG_CMD_DEKBLOB=y
Note: The encrypted boot feature is only supported by HABv4 or Note: The encrypted boot feature is only supported by HABv4 or

6
doc/imx/habv4/guides/mx6_mx7_secure_boot.txt
View File

@ -17,7 +17,7 @@ introduction_habv4.txt document.
The U-Boot provides support to secure boot configuration and also provide The U-Boot provides support to secure boot configuration and also provide
access to the HAB APIs exposed by the ROM vector table, the support is access to the HAB APIs exposed by the ROM vector table, the support is
enabled by selecting the CONFIG_SECURE_BOOT option. enabled by selecting the CONFIG_IMX_HAB option.
When built with this configuration, the U-Boot provides extra functions for When built with this configuration, the U-Boot provides extra functions for
HAB, such as the HAB status logs retrievement through the hab_status command HAB, such as the HAB status logs retrievement through the hab_status command
@ -57,12 +57,12 @@ The diagram below illustrate a signed u-boot-dtb.imx image layout:
------------------------------------- -------------------------------------
The first step is to generate an U-Boot image supporting the HAB features The first step is to generate an U-Boot image supporting the HAB features
mentioned above, this can be achieved by adding CONFIG_SECURE_BOOT to the mentioned above, this can be achieved by adding CONFIG_IMX_HAB to the
build configuration: build configuration:
- Defconfig: - Defconfig:
CONFIG_SECURE_BOOT=y CONFIG_IMX_HAB=y
- Kconfig: - Kconfig:

6
doc/imx/habv4/guides/mx6_mx7_spl_secure_boot.txt
View File

@ -27,7 +27,7 @@ root of trust.
The U-Boot provides support to secure boot configuration and also provide The U-Boot provides support to secure boot configuration and also provide
access to the HAB APIs exposed by the ROM vector table, the support is access to the HAB APIs exposed by the ROM vector table, the support is
enabled by selecting the CONFIG_SECURE_BOOT option. enabled by selecting the CONFIG_IMX_HAB option.
When built with this configuration the U-Boot correctly pads the final SPL When built with this configuration the U-Boot correctly pads the final SPL
image by aligning to the next 0xC00 address, so the CSF signature data image by aligning to the next 0xC00 address, so the CSF signature data
@ -82,12 +82,12 @@ The diagram below illustrate a signed u-boot-ivt.img image layout:
------------------------------------- -------------------------------------
The first step is to generate an U-Boot image supporting the HAB features The first step is to generate an U-Boot image supporting the HAB features
mentioned above, this can be achieved by adding CONFIG_SECURE_BOOT to the mentioned above, this can be achieved by adding CONFIG_IMX_HAB to the
build configuration: build configuration:
- Defconfig: - Defconfig:
CONFIG_SECURE_BOOT=y CONFIG_IMX_HAB=y
- Kconfig: - Kconfig:

2
tools/spl_size_limit.c
View File

@ -14,7 +14,7 @@ int main(int argc, char *argv[])
#ifdef CONFIG_SPL_SIZE_LIMIT #ifdef CONFIG_SPL_SIZE_LIMIT
spl_size_limit = CONFIG_SPL_SIZE_LIMIT; spl_size_limit = CONFIG_SPL_SIZE_LIMIT;
#if defined(CONFIG_SECURE_BOOT) && defined(CONFIG_CSF_SIZE) #if defined(CONFIG_IMX_HAB) && defined(CONFIG_CSF_SIZE)
spl_size_limit -= CONFIG_CSF_SIZE; spl_size_limit -= CONFIG_CSF_SIZE;
#endif #endif
#ifdef CONFIG_SPL_SIZE_LIMIT_SUBTRACT_GD #ifdef CONFIG_SPL_SIZE_LIMIT_SUBTRACT_GD