Mirrors/u-boot
2
0
Fork 0
mirror of https://github.com/AsahiLinux/u-boot synced 2024-11-11 15:37:23 +00:00
Code Issues Projects Releases Packages Wiki Activity

ARM: dts: imx8mm-verdin: prepare for dek blob encapsulation

Browse source 
Prepare for DEK blob encapsulation support through "dek_blob" command.
On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob
for encrypted boot.
The DEK blob is encapsulated by OP-TEE through a trusted application
call. U-boot sends and receives the DEK and the DEK blob binaries
through OP-TEE dynamic shared memory.

To enable the DEK blob encapsulation, add to the defconfig:
CONFIG_SECURE_BOOT=y
CONFIG_FAT_WRITE=y
CONFIG_CMD_DEKBLOB=y

Taken from NXP's commit 56d2050f40 ("imx8m: Add DEK blob encapsulation
for imx8m").

Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
This commit is contained in:
Marcel Ziswiler 2021-10-09 22:41:05 +02:00 committed by Stefano Babic
parent 5206f1ce0c
commit 8d060e4a66
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
arch/arm/dts/imx8mm-verdin-u-boot.dtsi
View file

@ -6,6 +6,13 @@
#include "imx8mm-u-boot.dtsi"
/ {
firmware {
optee {
compatible = "linaro,optee-tz";
method = "smc";
};
};
wdt-reboot {
compatible = "wdt-reboot";
wdt = <&wdog1>;