Mirrors/u-boot
2
0
Fork 0
mirror of https://github.com/AsahiLinux/u-boot synced 2024-11-12 16:07:30 +00:00
Code Issues Projects Releases Packages Wiki Activity
u-boot/arch/arm/mach-imx/Kconfig
Breno Matheus Lima 5b20d141f2 imx: Kconfig: Reduce default CONFIG_CSF_SIZE 
The default CSF_SIZE defined in Kconfig is too high and SPL cannot
fit into the OCRAM in certain cases.

The CSF cannot achieve 0x2000 length when using RSA 4K key which is
the largest key size supported by HABv4.

According to AN12056 "Encrypted Boot on HABv4 and CAAM Enabled Devices"
it's recommended to pad CSF binary to 0x2000 and append DEK blob to
deploy encrypted boot images.

As the maximum DEK blob size is 0x58 we can reduce CSF_SIZE to 0x2060
which should cover both CSF and DEK blob length.

Update default_image.c and image.c to align with this change and avoid
a U-Boot proper authentication failure in HAB closed devices:

Authenticate image from DDR location 0x877fffc0...
bad magic magic=0x32 length=0x6131 version=0x38
bad length magic=0x32 length=0x6131 version=0x38
bad version magic=0x32 length=0x6131 version=0x38
spl: ERROR:  image authentication fail

Fixes: 96d27fb218 (Revert "habv4: tools: Avoid hardcoded CSF size for SPL targets")

Reported-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
2019-10-08 16:36:36 +02:00

110 lines
3.2 KiB
Text
Raw Blame History

config HAS_CAAM
bool
config IMX_CONFIG
string
config ROM_UNIFIED_SECTIONS
bool
config SYSCOUNTER_TIMER
bool
config GPT_TIMER
bool
config IMX_RDC
bool "i.MX Resource domain controller driver"
depends on ARCH_MX6 || ARCH_MX7
help
i.MX Resource domain controller is used to assign masters
and peripherals to differet domains. This can be used to
isolate resources.
config IMX_BOOTAUX
bool "Support boot auxiliary core"
depends on ARCH_MX7 || ARCH_MX6 || ARCH_VF610
help
bootaux [addr] to boot auxiliary core.
config USE_IMXIMG_PLUGIN
bool "Use imximage plugin code"
depends on ARCH_MX7 || ARCH_MX6 || ARCH_MX7ULP
help
i.MX6/7 supports DCD and Plugin. Enable this configuration
to use Plugin, otherwise DCD will be used.
config SECURE_BOOT
bool "Support i.MX HAB features"
depends on ARCH_MX7 || ARCH_MX6 || ARCH_MX5
select FSL_CAAM if HAS_CAAM
imply CMD_DEKBLOB
help
This option enables the support for secure boot (HAB).
See doc/README.mxc_hab for more details.
config CSF_SIZE
hex "Maximum size for Command Sequence File (CSF) binary"
default 0x2060
help
Define the maximum size for Command Sequence File (CSF) binary
this information is used to define the image boot data.
config CMD_BMODE
bool "Support the 'bmode' command"
default y
depends on ARCH_MX6 || ARCH_MX5
help
This enables the 'bmode' (bootmode) command for forcing
a boot from specific media.
This is useful for forcing the ROM's usb downloader to
activate upon a watchdog reset which is nice when iterating
on U-Boot. Using the reset button or running bmode normal
will set it back to normal. This command currently
supports i.MX53 and i.MX6.
config CMD_DEKBLOB
bool "Support the 'dek_blob' command"
help
This enables the 'dek_blob' command which is used with the
Freescale secure boot mechanism. This command encapsulates and
creates a blob of data. See also CMD_BLOB and doc/README.mxc_hab for
more information.
config CMD_HDMIDETECT
bool "Support the 'hdmidet' command"
help
This enables the 'hdmidet' command which detects if an HDMI monitor
is connected.
config CMD_NANDBCB
bool "i.MX6 NAND Boot Control Block(BCB) command"
depends on NAND && CMD_MTDPARTS
default y if ARCH_MX6 && NAND_MXS
help
Unlike normal 'nand write/erase' commands, this command update
Boot Control Block(BCB) for i.MX6 platform NAND IP's.
This is similar to kobs-ng, which is used in Linux as separate
rootfs package.
config NXP_BOARD_REVISION
bool "Read NXP board revision from fuses"
depends on ARCH_MX6 || ARCH_MX7
help
NXP boards based on i.MX6/7 contain the board revision information
stored in the fuses. Select this option if you want to be able to
retrieve the board revision information.
config DDRMC_VF610_CALIBRATION
bool "Enable DDRMC (DDR3) on-chip calibration"
depends on ARCH_VF610
help
Vybrid (vf610) SoC provides some on-chip facility to tune the DDR3
memory parameters. Select this option if you want to calculate them
at boot time.
NOTE:
NXP does NOT recommend to perform this calibration at each boot. One
shall perform it on a new PCB and then use those values to program
the ddrmc_cr_setting on relevant board file.
Reference in a new issue View git blame Copy permalink