diff options
author | Eric Sun <jian.sun@freescale.com> | 2012-03-30 20:18:16 +0800 |
---|---|---|
committer | Eric Sun <jian.sun@freescale.com> | 2012-04-01 15:19:56 +0800 |
commit | 87a0deee1cd9c2bd6d50af03b81377a90eb07eb4 (patch) | |
tree | 00ed443a17faf563d8b1d1dbae7ad3d9c94144d3 /lib_avr32 | |
parent | 9faa736fe5a1c3265d3888c2329abc6312e94213 (diff) | |
download | u-boot-imx-87a0deee1cd9c2bd6d50af03b81377a90eb07eb4.zip u-boot-imx-87a0deee1cd9c2bd6d50af03b81377a90eb07eb4.tar.gz u-boot-imx-87a0deee1cd9c2bd6d50af03b81377a90eb07eb4.tar.bz2 |
ENGR00139223-1 [MX6Q] Secure Boot, enable HAB on ARM2 platform (Stage 1)
The first stage of High Assurance Boot (HAB) is the authentication of
U-boot. A CST tool is used to generate the CSF data, which include
public key, certificate and instruction of authentication process. Then
it is attached to the original u-boot.bin
The IVT should be modified to contain a pointer to the CSF data. The original
u-boot.bin is with size between 0x27000 to 0x28000. For convinence, we first
extend the u-boot.bin to 0x2F000 (with fill 0xFF). Then concatenate it with
the CSF data. The combined image is again extend to a fixed length (0x31000),
which is used as the IVT size parameter.
The new memory layout is as the following.
U-Boot Image
+-------------+
| Blank |
|-------------| 0x400
| IVT |-----------------------+
|-------------| |
| | |
| | |
| | |
|Remaining UB | | CSF pointer
| | |
| | |
| | |
|-------------| |
| | |
| Fill Data | |
| | |
|-------------| 0x2F000 <-------------+
| |
| CSF Data |
| |
|-------------|
| |
| Fill Data |
| |
+-------------+ 0x31000
HAB APIs are ROM implemented, the entry table is located in a fixed
location in the ROM. We export them so that during the HAB we can
have some information about the secure boot process. For convinience
some wrapper API is implemented based on the HAB APIs.
- get_hab_status : used to dump information of authentication result
- authenticate_image : used by u-boot to authenticate uImage
For security hardware to function, CAAM related clock (CG0[4~6]) must
be open. They are default closed in the original U-boot.
"hab_caam_clock_enable" and "hab_caam_clock_disable" are created to
open and close these clock gates.
The generation of CSF data is not in the scope of this patch. CST tool
will be used for this purpose. The procedure will be introduced in
another document.
Signed-off-by: Eric Sun <jian.sun@freescale.com>
Diffstat (limited to 'lib_avr32')
0 files changed, 0 insertions, 0 deletions