Greetings.
This set adds some helper functions as a pre-cursor to an upcoming set of changes to a BSP adding scripted HAB authentication.
Calculating a HAB IVT address based on a base address and a +/- offset is a trivial but, useful function for HAB. It means you can have a load address for a HAB image inside of your environment and specify the IVT offset relative to that address. All you need to do then is to call the function to obtain the correct IVT address to pass into hab_auth_img.
Two relatively minor changes then - one encasing the hab.h in ifndef __ASSEMBLY__ which is required if you want to include hab.h in a board.h.
Specifying the IVT padding size is again properly done as a define as opposed to a magic number in code.
The final patch then is wrappering up two common use-cases in the upcoming BSP - hab_auth_image ? continue-to-boot : drop-to-bootrom USB mode.
In other words if you fail to authenticate an image on the secure-boot path the appropriate next step is typically to drop into USB recovery mode.
In USB recovery mode you need to provide a signed image on a secure-boot (closed in the parlance) board. So hab_auth_img_or_fail() encapsulates that behaviour in one place - again allowing for scripting to reuse instead of replicate functionality over and over again.
These helper functions could all be buried in the board-port but, they are made available here in the hopes they will be of use to others.
Bryan O'Donoghue (4): imx: hab: Add routine to set HAB IVT address imx: hab: Encase majority of header in __ASSEMBLY__ declaration imx: hab: Specify IVT padding size imx: hab: Provide hab_auth_img_or_fail command
arch/arm/include/asm/mach-imx/hab.h | 9 ++++-- arch/arm/mach-imx/hab.c | 59 +++++++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+), 3 deletions(-)