14 Dec
2023
14 Dec
'23
5:30 p.m.
Hi Tim,
On Thu, Dec 14, 2023 at 1:25 PM Tim Harvey tharvey@gateworks.com wrote:
Prepare for DEK blob encapsulation support through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot.
The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory.
To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y
This option does not exist.
Do you mean CONFIG_IMX_HAB=y?