[U-Boot] [PATCH] pico-imx7d: Add support for secure boot
Add a new defconfig to enable secure boot on pico-imx7d.
Signed-off-by: Vanessa Maegima vanessa.maegima@nxp.com --- board/technexion/pico-imx7d/MAINTAINERS | 1 + board/technexion/pico-imx7d/pico-imx7d.c | 9 +++++++- configs/pico-imx7d_secure_defconfig | 35 ++++++++++++++++++++++++++++++++ 3 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 configs/pico-imx7d_secure_defconfig
diff --git a/board/technexion/pico-imx7d/MAINTAINERS b/board/technexion/pico-imx7d/MAINTAINERS index 3ab1aa6..3dd8bd6 100644 --- a/board/technexion/pico-imx7d/MAINTAINERS +++ b/board/technexion/pico-imx7d/MAINTAINERS @@ -4,3 +4,4 @@ S: Maintained F: board/technexion/pico-imx7d/ F: include/configs/pico-imx7d.h F: configs/pico-imx7d_defconfig +F: configs/pico-imx7d_secure_defconfig diff --git a/board/technexion/pico-imx7d/pico-imx7d.c b/board/technexion/pico-imx7d/pico-imx7d.c index b4c9be7..988f8a5 100644 --- a/board/technexion/pico-imx7d/pico-imx7d.c +++ b/board/technexion/pico-imx7d/pico-imx7d.c @@ -278,7 +278,14 @@ int board_late_init(void)
int checkboard(void) { - puts("Board: i.MX7D PICOSOM\n"); + char *mode; + + if (IS_ENABLED(CONFIG_ARMV7_BOOT_SEC_DEFAULT)) + mode = "secure"; + else + mode = "non-secure"; + + printf("Board: i.MX7D PICOSOM in %s mode\n", mode);
return 0; } diff --git a/configs/pico-imx7d_secure_defconfig b/configs/pico-imx7d_secure_defconfig new file mode 100644 index 0000000..5d4e016 --- /dev/null +++ b/configs/pico-imx7d_secure_defconfig @@ -0,0 +1,35 @@ +CONFIG_ARM=y +CONFIG_ARCH_MX7=y +CONFIG_TARGET_PICO_IMX7D=y +CONFIG_ARMV7_BOOT_SEC_DEFAULT=y +CONFIG_IMX_RDC=y +CONFIG_SYS_EXTRA_OPTIONS="IMX_CONFIG=board/technexion/pico-imx7d/imximage.cfg" +CONFIG_HUSH_PARSER=y +CONFIG_CMD_BOOTZ=y +# CONFIG_CMD_BOOTD is not set +# CONFIG_CMD_IMI is not set +# CONFIG_CMD_IMLS is not set +# CONFIG_CMD_XIMG is not set +# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_MMC=y +CONFIG_CMD_PART=y +CONFIG_CMD_I2C=y +CONFIG_CMD_GPIO=y +CONFIG_CMD_CACHE=y +CONFIG_CMD_EXT2=y +CONFIG_CMD_EXT4=y +CONFIG_CMD_EXT4_WRITE=y +CONFIG_CMD_FAT=y +CONFIG_CMD_USB=y +CONFIG_CMD_USB_MASS_STORAGE=y +CONFIG_USB=y +CONFIG_USB_EHCI_HCD=y +CONFIG_MXC_USB_OTG_HACTIVE=y +CONFIG_USB_STORAGE=y +CONFIG_USB_GADGET=y +CONFIG_CI_UDC=y +CONFIG_USB_GADGET_DOWNLOAD=y +CONFIG_G_DNL_MANUFACTURER="FSL" +CONFIG_G_DNL_VENDOR_NUM=0x0525 +CONFIG_G_DNL_PRODUCT_NUM=0xa4a5 +CONFIG_OF_LIBFDT=y
Hi Vanessa,
On Wed, Aug 23, 2017 at 11:05 AM, Vanessa Maegima vanessa.maegima@nxp.com wrote:
Add a new defconfig to enable secure boot on pico-imx7d.
Please explain in the commit log why you are adding this new defconfig.
Anyway, I understant that this could be useful if someone tries to boot this board with NXP 4.1.15 kernel.
Not sure it is worth the effort of adding a new defconfig only for this purpose as mainline kernel can be used with existing U-Boot defconfig.
Hi Fabio,
On Wed, Aug 23, 2017 at 11:11 AM, Fabio Estevam festevam@gmail.com wrote:
Hi Vanessa,
On Wed, Aug 23, 2017 at 11:05 AM, Vanessa Maegima vanessa.maegima@nxp.com wrote:
Add a new defconfig to enable secure boot on pico-imx7d.
Please explain in the commit log why you are adding this new defconfig.
Anyway, I understant that this could be useful if someone tries to boot this board with NXP 4.1.15 kernel.
Not sure it is worth the effort of adding a new defconfig only for this purpose as mainline kernel can be used with existing U-Boot defconfig.
I made this patch to enable booting with linux-fslc 4.1 kernel, but if you think it is not worth maintaining a new defconfig we can skip it.
Hi Vanessa,
On 23/08/2017 18:16, Vanessa Ayumi Maegima wrote:
Hi Fabio,
On Wed, Aug 23, 2017 at 11:11 AM, Fabio Estevam <festevam@gmail.com mailto:festevam@gmail.com> wrote:
Hi Vanessa, On Wed, Aug 23, 2017 at 11:05 AM, Vanessa Maegima <vanessa.maegima@nxp.com <mailto:vanessa.maegima@nxp.com>> wrote: > Add a new defconfig to enable secure boot on pico-imx7d. Please explain in the commit log why you are adding this new defconfig. Anyway, I understant that this could be useful if someone tries to boot this board with NXP 4.1.15 kernel. Not sure it is worth the effort of adding a new defconfig only for this purpose as mainline kernel can be used with existing U-Boot defconfig.I made this patch to enable booting with linux-fslc 4.1 kernel, but if you think it is not worth maintaining a new defconfig we can skip it.
I agree that adding a new defconfig just for it seems overkilling (we have to maintain, etc.). But you can maybe add documentation in the README file, adding a section for NXP 4.1 kernel, and explaining how to setup U-Boot with secure boot (with "make menuconfig, etc.).
Best regards, Stefano
participants (4)
-
Fabio Estevam -
Stefano Babic -
Vanessa Ayumi Maegima -
Vanessa Maegima