The current mechanism is unnecessarily complex. Simplify the whole mechanism
such that the entire fitImage is signed, IVT is placed at the end, followed
by CSF, and this entire bundle is also authenticated. This makes the signing
scripting far simpler.
Signed-off-by: Marek Vasut <marex@denx.de>
The rest of the unmigrated CONFIG symbols in the CONFIG_SYS namespace do
not easily transition to Kconfig. In many cases they likely should come
from the device tree instead. Move these out of CONFIG namespace and in
to CFG namespace.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The current name is inconsistent with SPL which uses CONFIG_SPL_TEXT_BASE
and this makes it imposible to use CONFIG_VAL().
Rename it to resolve this problem.
Signed-off-by: Simon Glass <sjg@chromium.org>
When running the script to sign SPL/U-Boot on a kontron-sl-mx8mm board,
the fit_block_size was calculated as 0x1000 instead of 0x1020.
Add an extra parenthesis pair to fix it.
Signed-off-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Marek Vasut <marex@denx.de>
Add HABv4 documentation extension for SPL targets covering the
following topics:
- How to sign an securely boot an flash.bin container image.
- How to extend the root of trust for additional boot images.
- Add SPL and fitImage CSF examples.
- Add signature generation script example.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Breno Lima <breno.lima@nxp.com>
Cc: Fabio Estevam <festevam@denx.de>
Cc: Heiko Schocher <hs@denx.de>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Cc: Ye Li <ye.li@nxp.com>
Update the Kconfig entry to have the correct defaults for i.MX7
platforms, and move the existing large comment from imx7_spl.h to
doc/imx/common/imx7.txt so that it's not lost.
Signed-off-by: Tom Rini <trini@konsulko.com>
Update the Kconfig entry to have the correct defaults for i.MX6
platforms, and move the existing large comment from imx6_spl.h to
doc/imx/common/imx6.txt so that it's not lost.
Signed-off-by: Tom Rini <trini@konsulko.com>
This board has not been converted to CONFIG_DM by the deadline.
Remove it. As this is the last ARCH_MX25 platform, remove those
references as well.
Cc: Matthias Weisser <weisserm@arcor.de>
Cc: Stefano Babic <sbabic@denx.de>
Signed-off-by: Tom Rini <trini@konsulko.com>
Having "i.MX7D/i.MX8MM SRC_GPR10 PERSIST_SECONDARY_BOOT for bootloader A/B
switching" at the top level of the documentation tree does not make sense.
Move it to board specific information.
Fixes: 59e3d1bd49 ("doc: imx: psb: Document usage of SRC_GPR10 PERSIST_SECONDARY_BOOT for A/B switching")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Due to copy-paste error, two of the setexpr arguments were missing.
Add the missing arguments.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Ye Li <ye.li@nxp.com>
Cc: uboot-imx <uboot-imx@nxp.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In reStructured text footnotes are referenced like [1]_.
Add missing underscores.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Marek Vasut <marex@denx.de>
Document SRC_GPR10 PERSIST_SECONDARY_BOOT functionality. This is useful for
reliable bootloader A/B updates, as it permits switching between two copies
of bootloader at different offsets of the same storage. The switch happens
in case one copy is corrupted OR can be enforced by user. This functionality
is present at least since i.MX53, however is poorly documented in all known
SoC datasheets, hence this document aims to clarify the usage, currently on
i.MX7D and i.MX8MM.
Signed-off-by: Marek Vasut <marex@denx.de> # Original MX7D work, this document
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io> # All the MX8M work
Cc: Christoph Niedermaier <cniedermaier@dh-electronics.de>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: Harald Seiler <hws@denx.de>
Cc: Igor Opaniuk <igor.opaniuk@foundries.io>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Ludwig Zenz <lzenz@dh-electronics.com>
Cc: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Ye Li <ye.li@nxp.com>
Cc: uboot-imx <uboot-imx@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
When booting in low power or dual boot modes the M4 binary is
authenticated by the M4 ROM code.
Add an option in hab_status command so users can retrieve M4 HAB
failure and warning events.
=> hab_status m4
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!
Add command documentation in mx6_mx7_secure_boot.txt guide.
As HAB M4 API cannot be called from A7 core the code is parsing
the M4 HAB persistent memory region. The HAB persistent memory
stores HAB events, public keys and others HAB related information.
The HAB persistent memory region addresses and sizes can be found
in AN12263 "HABv4 RVT Guidelines and Recommendations".
Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
This construct is quite long-winded. In earlier days it made some sense
since auto-allocation was a strange concept. But with driver model now
used pretty universally, we can shorten this to 'auto'. This reduces
verbosity and makes it easier to read.
Coincidentally it also ensures that every declaration is on one line,
thus making dtoc's job easier.
Signed-off-by: Simon Glass <sjg@chromium.org>
CCF clocks should always use the struct clock passed to their methods for
extracting the driver-specific clock information struct. Previously, many
functions would use the clk->dev->priv if the device was bound. This could
cause problems with composite clocks. The individual clocks in a composite
clock did not have the ->dev field filled in. This was fine, because the
device-specific clock information would be used. However, since there was
no ->dev, there was no way to get the parent clock. This caused the
recalc_rate method of the CCF divider clock to fail. One option would be to
use the clk->priv field to get the composite clock and from there get the
appropriate parent device. However, this would tie the implementation to
the composite clock. In general, different devices should not rely on the
contents of ->priv from another device.
The simple solution to this problem is to just always use the supplied
struct clock. The composite clock now fills in the ->dev pointer of its
child clocks. This allows child clocks to make calls like clk_get_parent()
without issue.
imx avoided the above problem by using a custom get_rate function with
composite clocks.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Acked-by: Lukasz Majewski <lukma@denx.de>
Add AHAB encrypted boot documentation for i.MX8/8x family devices
covering the following topics:
- How to encrypt and sign the 2nd container in flash.bin image.
- How to encrypt and sign a standalone container image.
Include a CSF example to encrypt 2nd container in flash.bin image.
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Catia Han <yaqian.han@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Update reference in many files detected by
scripts/documentation-file-ref-check
README.imximage => imx/mkimage/imximage.txt
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
CONFIG_SECURE_BOOT is too generic and forbids to use it for cross
architecture purposes. If Secure Boot is required for imx, this means to
enable and use the HAB processor in the soc.
Signed-off-by: Stefano Babic <sbabic@denx.de>
This patch describes the design decisions considerations and taken approach
for porting in a separate documentation entry.
Signed-off-by: Lukasz Majewski <lukma@denx.de>
The secure_boot.txt guide was replaced by mx6_mx7_secure_boot.txt and
mx6_mx7_spl_secure_boot.txt documents.
Both documents covers all steps needed for SPL and non-SPL tagets,
so remove secure_boot.txt file to avoid duplicated content.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
All guides are currently located at doc/imx/habv4/guides/ directory.
Move encrypted_boot.txt document to guides directory.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
The current U-Boot implementation includes SPL targets for
some NXP development boards:
- mx6sabreauto_defconfig
- mx6sabresd_defconfig
- mx6ul_14x14_evk_defconfig
- mx6ul_9x9_evk_defconfig
Add additional steps needed to completly secure the
bootloader image.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Add HABv4 documentation for non-SPL targets covering the
following topics:
- How to sign an securely boot an u-boot-dtb.imx image.
- How to extend the root of trust for additional boot images.
- Add 3 CSF examples.
- Add IVT generation script example.
Reviewed-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
The HABv4 is supported in i.MX50, i.MX53, i.MX6, i.MX7,
series and i.MX 8M, i.MX8MM devices.
Add an introductory document containing the following topics:
- HABv4 Introduction
- HABv4 Secure Boot
- HABv4 Encrypted Boot
- HAB PKI tree generation
- HAB Fast Authentication PKI tree generation
- SRK Table and SRK Hash generation
Reviewed-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
There is no need to have an extra hab directory under doc/imx/.
Habv4 and AHAB documentation can be added directly in doc/imx/ for a
cleaner documentation structure.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
There is no need to have README in all i.MX documents name.
Remove README from i.MX docs name and add .txt file extension.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
The Serial Download Protocol feature is availible in various
i.MX SoCs.
Move README.sdp document to imx/misc directory.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
The current High Assurance Boot document README.mxc_hab
include details for the following features in a single file:
- HAB Secure Boot
- HAB Encrypted Boot
Split HAB documentation in a specific directory for a cleaner
documentation structure, subsequent patches will include more
content in HAB documentation.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
The following documents describe device details according to the
i.MX family:
- README.imx25
- README.imx27
- README.imx5
- README.imx6
- README.mxs
Move all device common related document to doc/imx/common for a better
directory structure.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
The following documents describe the image type used by the mkimage
tool to generate U-Boot images for i.MX devices.
- README.imximage
- README.mxsimage
Move all mkimage related document to doc/imx/mkimage for a better
directory structure.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Currently the Serial Download Protocol tools and procedure are
documented in two places:
- doc/imx/README.sdp
- doc/imx/README.imx6
It is better to consolidate all SDP related information into
README.sdp file, so move the content from README.imx6 to
README.sdp.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Currently the U-Boot doc/ directory contains the following files
that are only relevant for i.MX devices:
- doc/README.imx25
- doc/README.imx27
- doc/README.imx5
- doc/README.imx6
- doc/README.imximage
- doc/README.mxc_hab
- doc/README.mxs
- doc/README.mxsimage
- doc/README.sdp
Move all content to a common i.MX folder for a better documentation
structure.
Signed-off-by: Breno Lima <breno.lima@nxp.com>