summaryrefslogtreecommitdiff
path: root/drivers
diff options
context:
space:
mode:
authorEric Sun <jian.sun@freescale.com>2012-03-30 20:18:16 +0800
committerEric Sun <jian.sun@freescale.com>2012-04-01 15:19:56 +0800
commit87a0deee1cd9c2bd6d50af03b81377a90eb07eb4 (patch)
tree00ed443a17faf563d8b1d1dbae7ad3d9c94144d3 /drivers
parent9faa736fe5a1c3265d3888c2329abc6312e94213 (diff)
downloadu-boot-imx-87a0deee1cd9c2bd6d50af03b81377a90eb07eb4.zip
u-boot-imx-87a0deee1cd9c2bd6d50af03b81377a90eb07eb4.tar.gz
u-boot-imx-87a0deee1cd9c2bd6d50af03b81377a90eb07eb4.tar.bz2
ENGR00139223-1 [MX6Q] Secure Boot, enable HAB on ARM2 platform (Stage 1)
The first stage of High Assurance Boot (HAB) is the authentication of U-boot. A CST tool is used to generate the CSF data, which include public key, certificate and instruction of authentication process. Then it is attached to the original u-boot.bin The IVT should be modified to contain a pointer to the CSF data. The original u-boot.bin is with size between 0x27000 to 0x28000. For convinence, we first extend the u-boot.bin to 0x2F000 (with fill 0xFF). Then concatenate it with the CSF data. The combined image is again extend to a fixed length (0x31000), which is used as the IVT size parameter. The new memory layout is as the following. U-Boot Image +-------------+ | Blank | |-------------| 0x400 | IVT |-----------------------+ |-------------| | | | | | | | | | | |Remaining UB | | CSF pointer | | | | | | | | | |-------------| | | | | | Fill Data | | | | | |-------------| 0x2F000 <-------------+ | | | CSF Data | | | |-------------| | | | Fill Data | | | +-------------+ 0x31000 HAB APIs are ROM implemented, the entry table is located in a fixed location in the ROM. We export them so that during the HAB we can have some information about the secure boot process. For convinience some wrapper API is implemented based on the HAB APIs. - get_hab_status : used to dump information of authentication result - authenticate_image : used by u-boot to authenticate uImage For security hardware to function, CAAM related clock (CG0[4~6]) must be open. They are default closed in the original U-boot. "hab_caam_clock_enable" and "hab_caam_clock_disable" are created to open and close these clock gates. The generation of CSF data is not in the scope of this patch. CST tool will be used for this purpose. The procedure will be introduced in another document. Signed-off-by: Eric Sun <jian.sun@freescale.com>
Diffstat (limited to 'drivers')
0 files changed, 0 insertions, 0 deletions