(header for Freescale's i.MX processors) to allow the usage of Freescale's tools to sign the u-boot image and provide a secure boot.
This has nothing to do with the Secure Boot extensions implemented by Simon Glass, that can be in any case used to boot later a secure image. Freescale's secure boot ensures that a signed bootloader is started only if it is verified with a key that is burned into the iMX fuses. Documentation about the Freescale's secure process can be read from the AN4591, available on the Freescale's Website.
The patchset allows to add to the imx Header the CSF (command Sequence File) generated by the tools provided by Freescale. The CSF is then simply concatenated to the u-boot image, making a signed bootloader, that the processor can verify if the fuses for the keys are burned. The processor (i.MX53 / i.MX6x) will not start a bootloader that cannot be verified - further infos how to configure the SOC to verify the bootloader can be found in the User Manual of the specific SOC.
Next step is to verify the kernel, that can be still done using Simon's patches for verified boot (CONFIG_OF_CONTROL must be set in the board configuarion file).
Changes in v2: - drop dead code (Marek Vasut) - Fix errors when SECURE_BOOT is selected due to enum - simplify display_event code (Marek Vasut) - compile hab code only if SECURE_BOOT is set (Fabio Estevam) - update licence with SPDX line according to new rules.
Stefano Babic (7): tools: imx_header should not include flash_offset tools: rename mximage_flash_offset to imximage_ivt_offset tools: dynamically allocate imx_header in imximage tools: add variable padding of data image in mkimage tools: add padding of data image file for imximage tools: add support for setting the CSF into imximage imx: add status reporting for HAB status
arch/arm/cpu/armv7/mx6/Makefile | 7 +- arch/arm/cpu/armv7/mx6/hab.c | 104 ++++++++++++++++++ arch/arm/include/asm/arch-mx6/hab.h | 67 ++++++++++++ arch/arm/include/asm/arch-mx6/imx-regs.h | 8 +- doc/README.imximage | 18 +++- doc/README.mxc_hab | 48 +++++++++ tools/imximage.c | 174 +++++++++++++++++++++++++++--- tools/imximage.h | 20 +++- tools/mkimage.c | 24 ++++- tools/mkimage.h | 5 +- 10 files changed, 444 insertions(+), 31 deletions(-) create mode 100644 arch/arm/cpu/armv7/mx6/hab.c create mode 100644 arch/arm/include/asm/arch-mx6/hab.h create mode 100644 doc/README.mxc_hab