u-boot/arch/arm/mach-mvebu/Kconfig
Mario Six a1b6b0a9c1 arm: mvebu: Implement secure boot
The patch implements secure booting for the mvebu architecture.

This includes:
- The addition of secure headers and all needed signatures and keys in
  mkimage
- Commands capable of writing the board's efuses to both write the
  needed cryptographic data and enable the secure booting mechanism
- The creation of convenience text files containing the necessary
  commands to write the efuses

The KAK and CSK keys are expected to reside in the files kwb_kak.key and
kwb_csk.key (OpenSSL 2048 bit private keys) in the top-level directory.

Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01 09:04:18 +01:00

184 lines
4 KiB
Text

if ARCH_MVEBU
config HAVE_MVEBU_EFUSE
bool
default n
config ARMADA_32BIT
bool
select CPU_V7
select SUPPORT_SPL
select SPL_DM
select SPL_DM_SEQ_ALIAS
select SPL_OF_CONTROL
select SPL_SIMPLE_BUS
select BOARD_EARLY_INIT_F
select ARCH_MISC_INIT
config ARMADA_64BIT
bool
select ARM64
# ARMv7 SoCs...
config ARMADA_375
bool
select ARMADA_32BIT
config ARMADA_38X
bool
select ARMADA_32BIT
select HAVE_MVEBU_EFUSE
config ARMADA_XP
bool
select ARMADA_32BIT
# ARMv8 SoCs...
config ARMADA_3700
bool
select ARM64
# Armada 7K and 8K are very similar - use only one Kconfig symbol for both
config ARMADA_8K
bool
select ARM64
# Armada PLL frequency (used for NAND clock generation)
config SYS_MVEBU_PLL_CLOCK
int
default "2000000000" if ARMADA_XP || ARMADA_3700 || ARMADA_8K
default "1000000000" if ARMADA_38X || ARMADA_375
# Armada XP/38x SoC types...
config MV78230
bool
select ARMADA_XP
config MV78260
bool
select ARMADA_XP
config MV78460
bool
select ARMADA_XP
config 88F6820
bool
select ARMADA_38X
choice
prompt "Armada XP/375/38x/3700/7K/8K board select"
optional
config TARGET_CLEARFOG
bool "Support ClearFog"
select 88F6820
config TARGET_MVEBU_DB_88F3720
bool "Support DB-88F3720 Armada 3720"
select ARMADA_3700
config TARGET_DB_88F6720
bool "Support DB-88F6720 Armada 375"
select ARMADA_375
config TARGET_DB_88F6820_GP
bool "Support DB-88F6820-GP"
select 88F6820
config TARGET_DB_88F6820_AMC
bool "Support DB-88F6820-AMC"
select 88F6820
config TARGET_MVEBU_ARMADA_8K
bool "Support Armada 7k/8k platforms"
select ARMADA_8K
select BOARD_LATE_INIT
config TARGET_DB_MV784MP_GP
bool "Support db-mv784mp-gp"
select MV78460
config TARGET_DS414
bool "Support Synology DS414"
select MV78230
config TARGET_MAXBCM
bool "Support maxbcm"
select MV78460
config TARGET_THEADORABLE
bool "Support theadorable Armada XP"
select BOARD_LATE_INIT if USB
select MV78260
endchoice
config SYS_BOARD
default "clearfog" if TARGET_CLEARFOG
default "mvebu_db-88f3720" if TARGET_MVEBU_DB_88F3720
default "db-88f6720" if TARGET_DB_88F6720
default "db-88f6820-gp" if TARGET_DB_88F6820_GP
default "db-88f6820-amc" if TARGET_DB_88F6820_AMC
default "mvebu_armada-8k" if TARGET_MVEBU_ARMADA_8K
default "db-mv784mp-gp" if TARGET_DB_MV784MP_GP
default "ds414" if TARGET_DS414
default "maxbcm" if TARGET_MAXBCM
default "theadorable" if TARGET_THEADORABLE
config SYS_CONFIG_NAME
default "clearfog" if TARGET_CLEARFOG
default "mvebu_db-88f3720" if TARGET_MVEBU_DB_88F3720
default "db-88f6720" if TARGET_DB_88F6720
default "db-88f6820-gp" if TARGET_DB_88F6820_GP
default "db-88f6820-amc" if TARGET_DB_88F6820_AMC
default "mvebu_armada-8k" if TARGET_MVEBU_ARMADA_8K
default "db-mv784mp-gp" if TARGET_DB_MV784MP_GP
default "ds414" if TARGET_DS414
default "maxbcm" if TARGET_MAXBCM
default "theadorable" if TARGET_THEADORABLE
config SYS_VENDOR
default "Marvell" if TARGET_DB_MV784MP_GP
default "Marvell" if TARGET_MVEBU_DB_88F3720
default "Marvell" if TARGET_DB_88F6720
default "Marvell" if TARGET_DB_88F6820_GP
default "Marvell" if TARGET_DB_88F6820_AMC
default "Marvell" if TARGET_MVEBU_ARMADA_8K
default "solidrun" if TARGET_CLEARFOG
default "Synology" if TARGET_DS414
config SYS_SOC
default "mvebu"
config MVEBU_EFUSE
bool "Enable eFuse support"
default n
depends on HAVE_MVEBU_EFUSE
help
Enable support for reading and writing eFuses on mvebu SoCs.
config MVEBU_EFUSE_FAKE
bool "Fake eFuse access (dry run)"
default n
depends on MVEBU_EFUSE
help
This enables a "dry run" mode where eFuses are not really programmed.
Instead the eFuse accesses are emulated by writing to and reading
from a memory block.
This is can be used for testing prog scripts.
config SECURED_MODE_IMAGE
bool "Build image for trusted boot"
default false
depends on 88F6820
help
Build an image that employs the ARMADA SoC's trusted boot framework
for securely booting images.
config SECURED_MODE_CSK_INDEX
int "Index of active CSK"
default 0
depends on SECURED_MODE_IMAGE
endif