diff options
| author | Mario Six <mario.six@gdsys.cc> | 2017-01-11 16:01:00 +0100 |
|---|---|---|
| committer | Stefan Roese <sr@denx.de> | 2017-02-01 09:04:18 +0100 |
| commit | a1b6b0a9c1f91756b93e6d804837dc178d79d39e (patch) | |
| tree | e66ce37c0d31f8ce1dac414cb470e1d2037a77f9 /arch/arm/mach-mvebu/Kconfig | |
| parent | 4991b4f7f1e55fed161462cefca7fe483fd3e477 (diff) | |
| download | u-boot-imx-a1b6b0a9c1f91756b93e6d804837dc178d79d39e.zip u-boot-imx-a1b6b0a9c1f91756b93e6d804837dc178d79d39e.tar.gz u-boot-imx-a1b6b0a9c1f91756b93e6d804837dc178d79d39e.tar.bz2 | |
arm: mvebu: Implement secure boot
The patch implements secure booting for the mvebu architecture.
This includes:
- The addition of secure headers and all needed signatures and keys in
mkimage
- Commands capable of writing the board's efuses to both write the
needed cryptographic data and enable the secure booting mechanism
- The creation of convenience text files containing the necessary
commands to write the efuses
The KAK and CSK keys are expected to reside in the files kwb_kak.key and
kwb_csk.key (OpenSSL 2048 bit private keys) in the top-level directory.
Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Roese <sr@denx.de>
Diffstat (limited to 'arch/arm/mach-mvebu/Kconfig')
| -rw-r--r-- | arch/arm/mach-mvebu/Kconfig | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/arch/arm/mach-mvebu/Kconfig b/arch/arm/mach-mvebu/Kconfig index 53117c4..412bda4 100644 --- a/arch/arm/mach-mvebu/Kconfig +++ b/arch/arm/mach-mvebu/Kconfig @@ -1,5 +1,9 @@ if ARCH_MVEBU +config HAVE_MVEBU_EFUSE + bool + default n + config ARMADA_32BIT bool select CPU_V7 @@ -23,6 +27,7 @@ config ARMADA_375 config ARMADA_38X bool select ARMADA_32BIT + select HAVE_MVEBU_EFUSE config ARMADA_XP bool @@ -146,4 +151,34 @@ config SYS_VENDOR config SYS_SOC default "mvebu" +config MVEBU_EFUSE + bool "Enable eFuse support" + default n + depends on HAVE_MVEBU_EFUSE + help + Enable support for reading and writing eFuses on mvebu SoCs. + +config MVEBU_EFUSE_FAKE + bool "Fake eFuse access (dry run)" + default n + depends on MVEBU_EFUSE + help + This enables a "dry run" mode where eFuses are not really programmed. + Instead the eFuse accesses are emulated by writing to and reading + from a memory block. + This is can be used for testing prog scripts. + +config SECURED_MODE_IMAGE + bool "Build image for trusted boot" + default false + depends on 88F6820 + help + Build an image that employs the ARMADA SoC's trusted boot framework + for securely booting images. + +config SECURED_MODE_CSK_INDEX + int "Index of active CSK" + default 0 + depends on SECURED_MODE_IMAGE + endif |