On Sun, Nov 6, 2016 at 9:37 AM, Sven Ebenfeld sven.ebenfeld@gmail.com wrote:
When using HAB as secure boot mechanism on Wandboard, the chain of trust breaks immediately after the SPL. As this is not checking the authenticity of the loaded image before jumping to it.
The HAB status output will not be implemented in SPL as it adds a lot of strings that are only required in debug cases. With those it exceeds the maximum size of the available OCRAM (69 KiB).
The SPL MISC driver support must be enabled, so that the driver can use OTP fuse to check if HAB is enabled.
Cc: sbabic@denx.de
v2-Changes: None
Signed-off-by: Sven Ebenfeld sven.ebenfeld@gmail.com
arch/arm/imx-common/hab.c | 129 ++++++++++++++++++---------------- arch/arm/imx-common/spl.c | 25 +++++++ arch/arm/imx-common/spl_sd.cfg | 10 +++ arch/arm/include/asm/imx-common/hab.h | 2 + include/configs/mx6_common.h | 3 + 5 files changed, 110 insertions(+), 59 deletions(-)
Reviewed-by: George McCollister george.mccollister@gmail.com Tested-by: George McCollister george.mccollister@gmail.com