mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-12-04 02:20:25 +00:00
5b20d141f2
The default CSF_SIZE defined in Kconfig is too high and SPL cannot fit into the OCRAM in certain cases. The CSF cannot achieve 0x2000 length when using RSA 4K key which is the largest key size supported by HABv4. According to AN12056 "Encrypted Boot on HABv4 and CAAM Enabled Devices" it's recommended to pad CSF binary to 0x2000 and append DEK blob to deploy encrypted boot images. As the maximum DEK blob size is 0x58 we can reduce CSF_SIZE to 0x2060 which should cover both CSF and DEK blob length. Update default_image.c and image.c to align with this change and avoid a U-Boot proper authentication failure in HAB closed devices: Authenticate image from DDR location 0x877fffc0... bad magic magic=0x32 length=0x6131 version=0x38 bad length magic=0x32 length=0x6131 version=0x38 bad version magic=0x32 length=0x6131 version=0x38 spl: ERROR: image authentication fail Fixes: 96d27fb218 (Revert "habv4: tools: Avoid hardcoded CSF size for SPL targets") Reported-by: Jagan Teki <jagan@amarulasolutions.com> Signed-off-by: Breno Lima <breno.lima@nxp.com>
110 lines
3.2 KiB
Text
110 lines
3.2 KiB
Text
config HAS_CAAM
|
|
bool
|
|
|
|
config IMX_CONFIG
|
|
string
|
|
|
|
config ROM_UNIFIED_SECTIONS
|
|
bool
|
|
|
|
config SYSCOUNTER_TIMER
|
|
bool
|
|
|
|
config GPT_TIMER
|
|
bool
|
|
|
|
config IMX_RDC
|
|
bool "i.MX Resource domain controller driver"
|
|
depends on ARCH_MX6 || ARCH_MX7
|
|
help
|
|
i.MX Resource domain controller is used to assign masters
|
|
and peripherals to differet domains. This can be used to
|
|
isolate resources.
|
|
|
|
config IMX_BOOTAUX
|
|
bool "Support boot auxiliary core"
|
|
depends on ARCH_MX7 || ARCH_MX6 || ARCH_VF610
|
|
help
|
|
bootaux [addr] to boot auxiliary core.
|
|
|
|
config USE_IMXIMG_PLUGIN
|
|
bool "Use imximage plugin code"
|
|
depends on ARCH_MX7 || ARCH_MX6 || ARCH_MX7ULP
|
|
help
|
|
i.MX6/7 supports DCD and Plugin. Enable this configuration
|
|
to use Plugin, otherwise DCD will be used.
|
|
|
|
config SECURE_BOOT
|
|
bool "Support i.MX HAB features"
|
|
depends on ARCH_MX7 || ARCH_MX6 || ARCH_MX5
|
|
select FSL_CAAM if HAS_CAAM
|
|
imply CMD_DEKBLOB
|
|
help
|
|
This option enables the support for secure boot (HAB).
|
|
See doc/README.mxc_hab for more details.
|
|
|
|
config CSF_SIZE
|
|
hex "Maximum size for Command Sequence File (CSF) binary"
|
|
default 0x2060
|
|
help
|
|
Define the maximum size for Command Sequence File (CSF) binary
|
|
this information is used to define the image boot data.
|
|
|
|
config CMD_BMODE
|
|
bool "Support the 'bmode' command"
|
|
default y
|
|
depends on ARCH_MX6 || ARCH_MX5
|
|
help
|
|
This enables the 'bmode' (bootmode) command for forcing
|
|
a boot from specific media.
|
|
|
|
This is useful for forcing the ROM's usb downloader to
|
|
activate upon a watchdog reset which is nice when iterating
|
|
on U-Boot. Using the reset button or running bmode normal
|
|
will set it back to normal. This command currently
|
|
supports i.MX53 and i.MX6.
|
|
|
|
config CMD_DEKBLOB
|
|
bool "Support the 'dek_blob' command"
|
|
help
|
|
This enables the 'dek_blob' command which is used with the
|
|
Freescale secure boot mechanism. This command encapsulates and
|
|
creates a blob of data. See also CMD_BLOB and doc/README.mxc_hab for
|
|
more information.
|
|
|
|
config CMD_HDMIDETECT
|
|
bool "Support the 'hdmidet' command"
|
|
help
|
|
This enables the 'hdmidet' command which detects if an HDMI monitor
|
|
is connected.
|
|
|
|
config CMD_NANDBCB
|
|
bool "i.MX6 NAND Boot Control Block(BCB) command"
|
|
depends on NAND && CMD_MTDPARTS
|
|
default y if ARCH_MX6 && NAND_MXS
|
|
help
|
|
Unlike normal 'nand write/erase' commands, this command update
|
|
Boot Control Block(BCB) for i.MX6 platform NAND IP's.
|
|
|
|
This is similar to kobs-ng, which is used in Linux as separate
|
|
rootfs package.
|
|
|
|
config NXP_BOARD_REVISION
|
|
bool "Read NXP board revision from fuses"
|
|
depends on ARCH_MX6 || ARCH_MX7
|
|
help
|
|
NXP boards based on i.MX6/7 contain the board revision information
|
|
stored in the fuses. Select this option if you want to be able to
|
|
retrieve the board revision information.
|
|
|
|
config DDRMC_VF610_CALIBRATION
|
|
bool "Enable DDRMC (DDR3) on-chip calibration"
|
|
depends on ARCH_VF610
|
|
help
|
|
Vybrid (vf610) SoC provides some on-chip facility to tune the DDR3
|
|
memory parameters. Select this option if you want to calculate them
|
|
at boot time.
|
|
NOTE:
|
|
NXP does NOT recommend to perform this calibration at each boot. One
|
|
shall perform it on a new PCB and then use those values to program
|
|
the ddrmc_cr_setting on relevant board file.
|