u-boot/arch/arm/mach-imx/Kconfig
Breno Lima 30e39ac7c9 imx: imx7 Support for Manufacturing Protection
This code was originally developed by Raul Cardenas <raul.casas@nxp.com>
and modified to be applied in U-Boot imx_v2017.03.

More information about the initial submission can be seen
in the link below:
https://lists.denx.de/pipermail/u-boot/2016-February/245273.html

i.MX7D has an a protection feature for Manufacturing process.
This feature uses asymmetric encryption to sign and verify
authenticated software handled between parties. This command
enables the use of such feature.

The private key is unique and generated once per device.
And it is stored in secure memory and only accessible by CAAM.
Therefore, the public key generation and signature functions
are the only functions available for the user.

The manufacturing-protection authentication process can be used to
authenticate the chip to the OEM's server.

Command usage:

Print the public key for the device.
- mfgprot pubk

Generates Signature over given data.
- mfgprot sign <data_address> <data_size>

Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 09:18:29 +02:00

143 lines
4.3 KiB
Text

config HAS_CAAM
bool
config IMX_CONFIG
string
config ROM_UNIFIED_SECTIONS
bool
config SYSCOUNTER_TIMER
bool
config GPT_TIMER
bool
config IMX_RDC
bool "i.MX Resource domain controller driver"
depends on ARCH_MX6 || ARCH_MX7
help
i.MX Resource domain controller is used to assign masters
and peripherals to differet domains. This can be used to
isolate resources.
config IMX_BOOTAUX
bool "Support boot auxiliary core"
depends on ARCH_MX7 || ARCH_MX6 || ARCH_VF610 || ARCH_IMX8M
help
bootaux [addr] to boot auxiliary core.
config IMX_MODULE_FUSE
bool "i.MX Module Fuse"
depends on ARCH_MX6
help
i.MX module fuse to runtime disable some driver, including
Linux OS device node.
config USE_IMXIMG_PLUGIN
bool "Use imximage plugin code"
depends on ARCH_MX7 || ARCH_MX6 || ARCH_MX7ULP
help
i.MX6/7 supports DCD and Plugin. Enable this configuration
to use Plugin, otherwise DCD will be used.
config IMX_HAB
bool "Support i.MX HAB features"
depends on ARCH_MX7 || ARCH_MX6 || ARCH_MX5
select FSL_CAAM if HAS_CAAM
imply CMD_DEKBLOB
help
This option enables the support for secure boot (HAB).
See doc/imx/habv4/* for more details.
config CSF_SIZE
hex "Maximum size for Command Sequence File (CSF) binary"
depends on IMX_HAB
default 0x2000 if ARCH_IMX8M
default 0x2060
help
Define the maximum size for Command Sequence File (CSF) binary
this information is used to define the image boot data.
config CMD_BMODE
bool "Support the 'bmode' command"
default y
depends on ARCH_MX7 || ARCH_MX6 || ARCH_MX5
help
This enables the 'bmode' (bootmode) command for forcing
a boot from specific media.
This is useful for forcing the ROM's usb downloader to
activate upon a watchdog reset which is nice when iterating
on U-Boot. Using the reset button or running bmode normal
will set it back to normal. This command currently
supports i.MX53 and i.MX6.
config CMD_DEKBLOB
bool "Support the 'dek_blob' command"
help
This enables the 'dek_blob' command which is used with the
Freescale secure boot mechanism. This command encapsulates and
creates a blob of data. See also CMD_BLOB and doc/imx/habv4/* for
more information.
config CMD_HDMIDETECT
bool "Support the 'hdmidet' command"
help
This enables the 'hdmidet' command which detects if an HDMI monitor
is connected.
config CMD_NANDBCB
bool "i.MX6 NAND Boot Control Block(BCB) command"
depends on MTD_RAW_NAND && CMD_MTDPARTS
select BCH if MX6UL || MX6ULL
default y if ((ARCH_MX6 || ARCH_MX7 || ARCH_IMX8M) && NAND_MXS)
help
Unlike normal 'nand write/erase' commands, this command update
Boot Control Block(BCB) for i.MX6 platform NAND IP's.
This is similar to kobs-ng, which is used in Linux as separate
rootfs package.
config FSL_MFGPROT
bool "Support the 'mfgprot' command"
depends on IMX_HAB && ARCH_MX7
help
This option enables the manufacturing protection command
which can be used has a protection feature for Manufacturing
process. With this tool is possible to authenticate the
chip to the OEM's server.
config NXP_BOARD_REVISION
bool "Read NXP board revision from fuses"
depends on ARCH_MX6 || ARCH_MX7
help
NXP boards based on i.MX6/7 contain the board revision information
stored in the fuses. Select this option if you want to be able to
retrieve the board revision information.
config DDRMC_VF610_CALIBRATION
bool "Enable DDRMC (DDR3) on-chip calibration"
depends on ARCH_VF610
help
Vybrid (vf610) SoC provides some on-chip facility to tune the DDR3
memory parameters. Select this option if you want to calculate them
at boot time.
NOTE:
NXP does NOT recommend to perform this calibration at each boot. One
shall perform it on a new PCB and then use those values to program
the ddrmc_cr_setting on relevant board file.
config SPL_IMX_ROMAPI_LOADADDR
hex "Default load address to load image through ROM API"
depends on IMX8MN || IMX8MP
config IMX_DCD_ADDR
hex "DCD Blocks location on the image"
default 0x00910000 if !ARCH_MX7ULP
default 0x2f010000 if ARCH_MX7ULP
help
Indicates where the Device Configuration Data, a binary table used by
the ROM code to configure the device at early boot stage, is located.
This information is shared with the user via mkimage -l just so the
image can be signed.