On Fri, 26 Apr 2019 02:56:48 +0000 Breno Matheus Lima breno.lima@nxp.com wrote:
In certain i.MX devices the encrypted boot image is failing to boot.
According to AN12056 "Encrypted Boot on HABv4 and CAAM Enabled Devices" it's necessary to pad CSF to 0x2000 and append DEK blob.
In this case the total image size in boot data structure must cover the entire binary otherwise the dek_blob won't be copied to memory and image won't be decrypted.
Increase CSF_SIZE to 0x4000 to avoid such issue when booting encrypted boot images.
Reviewed-by: Lukasz Majewski lukma@denx.de
Signed-off-by: Breno Lima breno.lima@nxp.com
include/configs/mx6_common.h | 2 +- include/configs/mx7_common.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/configs/mx6_common.h b/include/configs/mx6_common.h index 6b20c6db58..2b8ce9d71d 100644 --- a/include/configs/mx6_common.h +++ b/include/configs/mx6_common.h @@ -59,7 +59,7 @@
/* Secure boot (HAB) support */ #ifdef CONFIG_SECURE_BOOT -#define CONFIG_CSF_SIZE 0x2000 +#define CONFIG_CSF_SIZE 0x4000 #ifdef CONFIG_SPL_BUILD #define CONFIG_SPL_DRIVERS_MISC_SUPPORT #endif diff --git a/include/configs/mx7_common.h b/include/configs/mx7_common.h index cc7e87269e..f3167c51d4 100644 --- a/include/configs/mx7_common.h +++ b/include/configs/mx7_common.h @@ -48,7 +48,7 @@
/* Secure boot (HAB) support */ #ifdef CONFIG_SECURE_BOOT -#define CONFIG_CSF_SIZE 0x2000 +#define CONFIG_CSF_SIZE 0x4000 #ifdef CONFIG_SPL_BUILD #define CONFIG_SPL_DRIVERS_MISC_SUPPORT #endif
Best regards,
Lukasz Majewski
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-59 Fax: (+49)-8142-66989-80 Email: lukma@denx.de