RE: [PATCH 24/30] arm: imx: Finish migration of CONFIG_CSF_SIZE to Kconfig

Hi Tom,
-----Original Message-----
From: Tom Rini trini@konsulko.com
Sent: June 11, 2020 20:12
To: Ye Li ye.li@nxp.com
Cc: u-boot@lists.denx.de; Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; dl-uboot-imx uboot-imx@nxp.com
Subject: Re: [EXT] [PATCH 24/30] arm: imx: Finish migration of CONFIG_CSF_SIZE to Kconfig
On Thu, Jun 11, 2020 at 05:28:45AM +0000, Ye Li wrote:
Hi Tom,
-----Original Message-----
From: Tom Rini trini@konsulko.com
Sent: June 11, 2020 4:16
To: u-boot@lists.denx.de
Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; dl-uboot-imx uboot-imx@nxp.com
Subject: [EXT] [PATCH 24/30] arm: imx: Finish migration of CONFIG_CSF_SIZE to Kconfig
While the normal case of CSF_SIZE is handled via Kconfig we have entries in config headers related to CONFIG_SECURE_BOOT. However in commit d714a75fd4dc ("imx: replace CONFIG_SECURE_BOOT with CONFIG_IMX_HAB") this was renamed to CONFIG_IMX_HAB. Update the CSF_SIZE entry to have the correct default value if we have IMX_HAB enabled.
Cc: Stefano Babic sbabic@denx.de
Cc: Fabio Estevam festevam@gmail.com
Cc: NXP i.MX U-Boot Team uboot-imx@nxp.com
Fixes: d714a75fd4dc ("imx: replace CONFIG_SECURE_BOOT with CONFIG_IMX_HAB")
Signed-off-by: Tom Rini trini@konsulko.com
arch/arm/mach-imx/Kconfig | 1 + include/configs/imx8mm_beacon.h | 4 ---- include/configs/imx8mm_evk.h | 4 ---- include/configs/imx8mn_evk.h | 4 ---- include/configs/imx8mp_evk.h | 4 ---- include/configs/verdin-imx8mm.h | 4 ---- 6 files changed, 1 insertion(+), 20 deletions(-)
diff --git a/arch/arm/mach-imx/Kconfig b/arch/arm/mach-imx/Kconfig index 6c3fedf665d6..0648c2725bf8 100644 --- a/arch/arm/mach-imx/Kconfig +++ b/arch/arm/mach-imx/Kconfig @@ -52,6 +52,7 @@ config IMX_HAB
config CSF_SIZE hex "Maximum size for Command Sequence File (CSF) binary"
default 0x2000 if IMX_HAB
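Review bot: the added "default 0x2000 if IMX_HAB" line in the CSF_SIZE entry keys the smaller value on IMX_HAB alone, while the diffstat shows the header entries being removed only from i.MX8M board headers (imx8mm_beacon.h, imx8mm_evk.h, imx8mn_evk.h, imx8mp_evk.h, verdin-imx8mm.h). Any other platform under arch/arm/mach-imx that enables IMX_HAB would also pick up 0x2000 as its maximum CSF size, which is a behaviour change the commit message does not mention. Either narrow the condition to the SoC family the removed headers cover, or state in the commit message that 0x2000 is intended for every HAB-enabled platform.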
I suggest using "default 0x2000 if ARCH_IMX8M", because i.MX6/7 may also enable IMX_HAB.
So ARCH_IMX8M && IMX_HAB? I would have expected the CSF size to be limited in all cases from the default value due to something security related eating up that 0x60 in overhead. Is that not the case? Thanks!
No, it is related to implementation on iMX8M. You don't need to add "&& IMX_HAB". But you could add 'depend on IMX_HAB' for the CSF_SIZE config. Because this config is only used when IMX_HAB is enabled.
This 0x60 overhead is actually for dek blob used by encrypted boot. While using fit on iMX8M, we will move this dek blob into fit as a standalone image, so it does not occupy extra space in CSF.
Best regards,
Ye Li
-- Tom