Commit graph

7 commits

Author SHA1 Message Date
Sven Ebenfeld
15b505b055 arm: imx: add HAB authentication of image to SPL boot
When using HAB as secure boot mechanism on Wandboard, the chain of
trust breaks immediately after the SPL. As this is not checking
the authenticity of the loaded image before jumping to it.

The HAB status output will not be implemented in SPL as it adds
a lot of strings that are only required in debug cases. With those
it exceeds the maximum size of the available OCRAM (69 KiB).

The SPL MISC driver support must be enabled, so that the driver can use OTP fuse
to check if HAB is enabled.

Cc: sbabic@denx.de

v2-Changes: None

Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
Tested-by: George McCollister <george.mccollister@gmail.com>
2017-01-02 17:04:38 +01:00
Peng Fan
b5437a8082 imx-common: hab: support i.MX6DQPlus
Support i.MX6DQPlus, otherwise wrong hab address will be used
for i.MX6QDPlus.

Signed-off-by: Peng Fan <van.freenix@gmail.com>
Cc: Ulises Cardenas <Ulises.Cardenas@freescale.com>
Cc: Stefano Babic <sbabic@denx.de>
2016-05-24 14:59:56 +02:00
Peng Fan
27cd0da41e imx-common: use simpler runtime cpu dection macros
Use simpler runtime cpu dection macros.

Signed-off-by: Peng Fan <van.freenix@gmail.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Bhuvanchandra DV <bhuvanchandra.dv@toradex.com>
Cc: "Benoît Thébaudeau" <benoit.thebaudeau.dev@gmail.com>
2016-05-24 14:59:56 +02:00
Peng Fan
003f0c7eb2 imx-common: hab: support i.MX6SOLO
Add i.MX6SOLO support for hab function.
The difference between i.MX6SOLO and i.MX6DL is
the number of CPU cores. Besides this, they work
the same.

Signed-off-by: Peng Fan <van.freenix@gmail.com>
Cc: Bhuvanchandra DV <bhuvanchandra.dv@toradex.com>
Cc: "Benoît Thébaudeau" <benoit.thebaudeau.dev@gmail.com>
Cc: Stefano Babic <sbabic@denx.de>
2016-05-24 14:59:56 +02:00
Adrian Alonso
ee3899aa6c imx: hab: add mx7 secure boot support
Add mx7 secure boot support, add helper macro IS_HAB_ENABLED_BIT
to get the corresponding bit mask per SoC (mx7 or mx6) to identify
if securue boot feature is enabled/disabled.

On authenticate_image only check for mmu enabled on mx6 SoC to
force pu_irom_mmu_enabled so ROM code can perform mmu cache flush
mx7 SoC ROM code does not have this issue as ROM enables cache support
based on fuse settings.

Signed-off-by: Adrian Alonso <aalonso@freescale.com>
2015-10-30 15:22:37 +01:00
Adrian Alonso
fba6f9efa4 imx: hab: use read_fuse for secure boot settings
Use read_fuse api fuction call to read secure boot fuse
settings (enabled/disabled).

Signed-off-by: Adrian Alonso <aalonso@freescale.com>
2015-10-30 15:22:37 +01:00
Adrian Alonso
7a7281a91c imx: hab: rework secure boot support for imx6
Rework secure boot support for imx6, move existing hab support
for imx6 into imx-common for SoC reuse.

Signed-off-by: Adrian Alonso <aalonso@freescale.com>
2015-10-30 15:20:57 +01:00
Renamed from arch/arm/cpu/armv7/mx6/hab.c (Browse further)