eaw/u-boot
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

arm: imx: add HAB authentication of image to SPL boot

Browse Source 
When using HAB as secure boot mechanism on Wandboard, the chain of
trust breaks immediately after the SPL. As this is not checking
the authenticity of the loaded image before jumping to it.

The HAB status output will not be implemented in SPL as it adds
a lot of strings that are only required in debug cases. With those
it exceeds the maximum size of the available OCRAM (69 KiB).

The SPL MISC driver support must be enabled, so that the driver can use OTP fuse
to check if HAB is enabled.

Cc: sbabic@denx.de

v2-Changes: None

Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
Tested-by: George McCollister <george.mccollister@gmail.com>
This commit is contained in:
Sven Ebenfeld
2016-11-06 16:37:55 +01:00
committed by Stefano Babic
parent 99f49fdd5d
commit 15b505b055
5 changed files with 110 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
include/configs/mx6_common.h
View File

@@ -98,6 +98,9 @@
#define CONFIG_FSL_CAAM
#define CONFIG_CMD_DEKBLOB
#define CONFIG_SYS_FSL_SEC_LE
#ifdef CONFIG_SPL_BUILD
#define CONFIG_SPL_DRIVERS_MISC_SUPPORT
#endif
#endif
#endif