diff options
| author | Clement Faure <clement.faure@nxp.com> | 2021-03-25 12:30:33 +0300 |
|---|---|---|
| committer | Stefano Babic <sbabic@denx.de> | 2021-04-08 21:29:52 +0300 |
| commit | 56d2050f40287fe46757d4cbe69d62a1381c3c64 (patch) | |
| tree | e0306aa0489ba7b4bc923c2c5cc875b03cfabb04 /include/fsl_sec.h | |
| parent | 613cf239ed490f900b8f822df4a2d5a1a27d7a47 (diff) | |
| download | u-boot-56d2050f40287fe46757d4cbe69d62a1381c3c64.tar.xz | |
imx8m: Add DEK blob encapsulation for imx8m
Add DEK blob encapsulation support for IMX8M through "dek_blob" command.
On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob
for encrypted boot.
The DEK blob is encapsulated by OP-TEE through a trusted application call.
U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE
dynamic shared memory.
To enable the DEK blob encapsulation, add to the defconfig:
CONFIG_SECURE_BOOT=y
CONFIG_FAT_WRITE=y
CONFIG_CMD_DEKBLOB=y
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Diffstat (limited to 'include/fsl_sec.h')
| -rw-r--r-- | include/fsl_sec.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/fsl_sec.h b/include/fsl_sec.h index 09ce916297..c4121696f8 100644 --- a/include/fsl_sec.h +++ b/include/fsl_sec.h @@ -28,6 +28,8 @@ #error Neither CONFIG_SYS_FSL_SEC_LE nor CONFIG_SYS_FSL_SEC_BE is defined #endif +#define BLOB_SIZE(x) ((x) + 32 + 16) /* Blob buffer size */ + /* Security Engine Block (MS = Most Sig., LS = Least Sig.) */ #if CONFIG_SYS_FSL_SEC_COMPAT >= 4 /* RNG4 TRNG test registers */ @@ -265,8 +267,6 @@ struct sg_entry { #define SG_ENTRY_OFFSET_SHIFT 0 }; -#define BLOB_SIZE(x) ((x) + 32 + 16) /* Blob buffer size */ - #if defined(CONFIG_MX6) || defined(CONFIG_MX7) || \ defined(CONFIG_MX7ULP) || defined(CONFIG_IMX8M) /* Job Ring Base Address */ |