613cf239ed
It is highly recommended to set the PRIBLOB bitfield to 0x3 once your encrypted boot image has booted up, this prevents the generation of new blobs that can be used to decrypt an encrypted boot image. The PRIBLOB is a sticky type bit and cannot be changed until the next power on reset. Add the set_priblob_bitfield U-Boot command to prevent the generation of new blobs. Signed-off-by: Clement Le Marquis <clement.lemarquis@nxp.com> Acked-by: Ye Li <Ye.Li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
// SPDX-License-Identifier: GPL-2.0+
/*
* Copyright 2018 NXP
*/
/*
* Boot command to get and set the PRIBLOB bitfield from the SCFGR register
* of the CAAM IP. It is recommended to set this bitfield to 3 once your
* encrypted boot image is ready, to prevent the generation of blobs usable
* to decrypt an encrypted boot image.
*/
#include <asm/io.h>
#include <common.h>
#include <command.h>
#include "../drivers/crypto/fsl_caam_internal.h"
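/**
 * do_priblob_write() - set the CAAM PRIBLOB bitfield to 3 and verify it
 * @cmdtp: command table entry (unused)
 * @flag:  command flags (unused)
 * @argc:  argument count (unused, the command takes no argument)
 * @argv:  argument vector (unused)
 *
 * Performs a read-modify-write of CAAM_SCFGR: bits [31:2] are preserved and
 * the two low bits (PRIBLOB) are forced to 3. The register is then read back
 * and the resulting PRIBLOB value is printed.
 *
 * Per the commit description, PRIBLOB is sticky until the next power-on
 * reset and the value 3 prevents the generation of new blobs that could be
 * used to decrypt an encrypted boot image. Because this is a hardening step,
 * the read-back is checked: a boot script that tests the return code must
 * not continue as if the lock were in place when the write did not stick.
 *
 * Return: 0 when the read-back PRIBLOB value is 3, 1 otherwise.
 */
int do_priblob_write(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
{
	/* PRIBLOB occupies the two least significant bits of SCFGR. */
	const unsigned int priblob_mask = 0x3;
	const unsigned int priblob_lock = 0x3;
	unsigned int priblob;

	/* Keep every other SCFGR field untouched, only force PRIBLOB. */
	writel((readl(CAAM_SCFGR) & ~priblob_mask) | priblob_lock, CAAM_SCFGR);

	/* Report what the hardware actually holds, not what was written. */
	priblob = readl(CAAM_SCFGR) & priblob_mask;
	printf("New priblob setting = 0x%x\n", priblob);

	if (priblob != priblob_lock) {
		printf("Error: PRIBLOB is not 0x%x, blob generation is not locked\n",
		       priblob_lock);
		/* Non-zero tells the U-Boot shell that the command failed. */
		return 1;
	}

	return 0;
}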
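/*
 * Register the "set_priblob_bitfield" shell command.
 *
 * maxargs is 1, so the command accepts its own name only, and
 * do_priblob_write() always writes the fixed value 3. The long help therefore
 * must not advertise a "<value>" argument: an operator could believe a weaker
 * PRIBLOB setting can be selected from the command line.
 */
U_BOOT_CMD(
	set_priblob_bitfield, 1, 0, do_priblob_write,
	"Set the PRIBLOB bitfield to 3",
	"\n"
	"    - Write 3 in PRIBLOB bitfield of SCFGR register of CAAM IP.\n"
	"    Prevent the generation of blobs usable to decrypt an\n"
	"    encrypted boot image."
);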