When trying to build U-Boot for Wandboard with Secure Boot, the build fails because it tries to compile the dekblob commands within the SPL. The dekblob command depends on the CAAM driver, which is also not required in the SPL. Additionally, this blows the SPL up to a size beyond the limit of 69KiB in i.MX6DL OCRAM. Therefore I deactivate building the commands during SPL build.
Next I implemented HAB verification before jumping to the loaded image. To create images that are HAB compatible, I updated the mkimage tool and added some documentation. At last I try to make the signing process easier as the output of the mkimage tool will be preserverd within the build dir. The output contains informationen required to correctly sign HAB images.
Sven Ebenfeld (5): arm: imx: remove bmode , hdmidet and dek commands from SPL arm: imx: add HAB authentication of image to SPL boot tools: mkimage: add firmware-ivt image type for HAB verification doc: imx6: add section for secure boot with SPL Makefile: preserve output for images that can contain HAB Blocks
Makefile | 15 +++- arch/arm/imx-common/Makefile | 5 ++ arch/arm/imx-common/hab.c | 129 ++++++++++++++++++---------------- arch/arm/imx-common/spl.c | 25 +++++++ arch/arm/imx-common/spl_sd.cfg | 10 +++ arch/arm/include/asm/imx-common/hab.h | 2 + common/image.c | 6 ++ doc/README.imx6 | 49 +++++++++++++ include/configs/mx6_common.h | 3 + include/image.h | 1 + scripts/Makefile.lib | 2 +- scripts/Makefile.spl | 2 +- tools/default_image.c | 10 ++- tools/mkimage.c | 32 +++++++++ 14 files changed, 226 insertions(+), 65 deletions(-)