Commit graph

6 commits

Author SHA1 Message Date
Fabio Estevam
951d63000e doc: csf_examples: csf.sh: Remove unneeded export ATF_LOAD_ADDR line
Originally, exporting the ATF_LOAD_ADDR was required, but since binman has
been used to generate the flash.bin, it is no longer needed to do
such manual export.

The ATF address is now passed via binman.

Remove the unneeded export ATF_LOAD_ADDR line.

Signed-off-by: Fabio Estevam <festevam@denx.de>
2023-08-19 04:12:53 +02:00
Tim Harvey
ff1dd52024 mx8m: csf.sh: use vars for keys to avoid file edits when signing
The csf_spl.txt and csf_fit.txt templates contain file paths which must
be edited for the location of your NXP CST generated key files.

Streamline the process of signing an image by assigning unique var names
to these which can be expended from env variables in the csf.sh script.

The following vars are used:
 SRK_TABLE - full path to SRK_1_2_3_4_table.bin
 CSF_KEY - full path to the CSF Key CSF1_1_sha256_4096_65537_v3_usr_crt.pem
 IMG_KEY - full path to the IMG Key IMG1_1_sha256_4096_65537_v3_usr_crt.pem

Additionally provide an example of running the csf.sh script.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
2023-07-13 11:29:40 +02:00
Marek Vasut
6039e0edc8 imx: hab: Simplify the mechanism
The current mechanism is unnecessarily complex. Simplify the whole mechanism
such that the entire fitImage is signed, IVT is placed at the end, followed
by CSF, and this entire bundle is also authenticated. This makes the signing
scripting far simpler.

Signed-off-by: Marek Vasut <marex@denx.de>
2023-06-24 13:47:02 -04:00
Simon Glass
984639039f Rename CONFIG_SYS_TEXT_BASE to CONFIG_TEXT_BASE
The current name is inconsistent with SPL which uses CONFIG_SPL_TEXT_BASE
and this makes it imposible to use CONFIG_VAL().

Rename it to resolve this problem.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-10-31 11:01:31 -04:00
Fabio Estevam
8b9d90d634 mx8m: csf.sh: Fix the calculation of fit_block_size
When running the script to sign SPL/U-Boot on a kontron-sl-mx8mm board,
the fit_block_size was calculated as 0x1000 instead of 0x1020.

Add an extra parenthesis pair to fix it.

Signed-off-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Marek Vasut <marex@denx.de>
2022-09-21 16:19:45 +02:00
Marek Vasut
0c2c1c9415 doc: imx: habv4: Add Secure Boot guide for i.MX8M SPL targets
Add HABv4 documentation extension for SPL targets covering the
following topics:

- How to sign an securely boot an flash.bin container image.
- How to extend the root of trust for additional boot images.
- Add SPL and fitImage CSF examples.
- Add signature generation script example.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Breno Lima <breno.lima@nxp.com>
Cc: Fabio Estevam <festevam@denx.de>
Cc: Heiko Schocher <hs@denx.de>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Cc: Ye Li <ye.li@nxp.com>
2022-09-18 20:42:56 +02:00