| Commit message (Collapse) | Author | Age | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
To avoid security leak, check the IVT DCD pointer before authenticating
the kernel image. If the pointer is not 0, set back it to 0 and give a warning
like the log below.
Authenticate image from DDR location 0x80800000...
Warning, DCD pointer must be 0
Signed-off-by: Ye Li <ye.li@nxp.com>
(cherry picked from commit 083daef8d9206d53fb4fa9807f37b8ff5dc319c7)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add CAAM clock functions, SEC_CONFIG[1] fuse checking, and default CSF
size for HAB support boot on mx7ulp.
Users need to uncomment the CONFIG_SECURE_BOOT in mx7ulp_evk.h to build
secure uboot.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by : Stefano Babic <sbabic@denx.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using HAB as secure boot mechanism on Wandboard, the chain of
trust breaks immediately after the SPL. As this is not checking
the authenticity of the loaded image before jumping to it.
The HAB status output will not be implemented in SPL as it adds
a lot of strings that are only required in debug cases. With those
it exceeds the maximum size of the available OCRAM (69 KiB).
The SPL MISC driver support must be enabled, so that the driver can use OTP fuse
to check if HAB is enabled.
Cc: sbabic@denx.de
v2-Changes: None
Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
Tested-by: George McCollister <george.mccollister@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Support i.MX6DQPlus, otherwise wrong hab address will be used
for i.MX6QDPlus.
Signed-off-by: Peng Fan <van.freenix@gmail.com>
Cc: Ulises Cardenas <Ulises.Cardenas@freescale.com>
Cc: Stefano Babic <sbabic@denx.de>
|
| |
|
|
|
|
|
|
|
| |
Use simpler runtime cpu dection macros.
Signed-off-by: Peng Fan <van.freenix@gmail.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Bhuvanchandra DV <bhuvanchandra.dv@toradex.com>
Cc: "Benoît Thébaudeau" <benoit.thebaudeau.dev@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add i.MX6SOLO support for hab function.
The difference between i.MX6SOLO and i.MX6DL is
the number of CPU cores. Besides this, they work
the same.
Signed-off-by: Peng Fan <van.freenix@gmail.com>
Cc: Bhuvanchandra DV <bhuvanchandra.dv@toradex.com>
Cc: "Benoît Thébaudeau" <benoit.thebaudeau.dev@gmail.com>
Cc: Stefano Babic <sbabic@denx.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add mx7 secure boot support, add helper macro IS_HAB_ENABLED_BIT
to get the corresponding bit mask per SoC (mx7 or mx6) to identify
if securue boot feature is enabled/disabled.
On authenticate_image only check for mmu enabled on mx6 SoC to
force pu_irom_mmu_enabled so ROM code can perform mmu cache flush
mx7 SoC ROM code does not have this issue as ROM enables cache support
based on fuse settings.
Signed-off-by: Adrian Alonso <aalonso@freescale.com>
|
| |
|
|
|
|
|
| |
Use read_fuse api fuction call to read secure boot fuse
settings (enabled/disabled).
Signed-off-by: Adrian Alonso <aalonso@freescale.com>
|
|
|
Rework secure boot support for imx6, move existing hab support
for imx6 into imx-common for SoC reuse.
Signed-off-by: Adrian Alonso <aalonso@freescale.com>
|
