[PATCH 1/2] configs: imx8m{m, n, p}_venice_defconfig: add arch_misc_init

Enable call to arch_misc_init in order to probe the CAAM driver.
Signed-off-by: Tim Harvey tharvey@gateworks.com --- configs/imx8mm_venice_defconfig | 1 + configs/imx8mn_venice_defconfig | 1 + configs/imx8mp_venice_defconfig | 1 + 3 files changed, 3 insertions(+)
diff --git a/configs/imx8mm_venice_defconfig b/configs/imx8mm_venice_defconfig index 01cfb96b0ee2..04b738f5d9c5 100644 --- a/configs/imx8mm_venice_defconfig +++ b/configs/imx8mm_venice_defconfig @@ -31,6 +31,7 @@ CONFIG_OF_BOARD_SETUP=y CONFIG_OF_SYSTEM_SETUP=y CONFIG_USE_PREBOOT=y CONFIG_PREBOOT="gsc wd-disable" +CONFIG_ARCH_MISC_INIT=y CONFIG_BOARD_LATE_INIT=y CONFIG_SPL_HAS_BSS_LINKER_SECTION=y CONFIG_SPL_BSS_START_ADDR=0x910000 diff --git a/configs/imx8mn_venice_defconfig b/configs/imx8mn_venice_defconfig index 5d2e5a471cba..2f55a5b90fbb 100644 --- a/configs/imx8mn_venice_defconfig +++ b/configs/imx8mn_venice_defconfig @@ -32,6 +32,7 @@ CONFIG_OF_BOARD_SETUP=y CONFIG_OF_SYSTEM_SETUP=y CONFIG_USE_PREBOOT=y CONFIG_PREBOOT="gsc wd-disable" +CONFIG_ARCH_MISC_INIT=y CONFIG_BOARD_LATE_INIT=y CONFIG_SPL_MAX_SIZE=0x25000 CONFIG_SPL_HAS_BSS_LINKER_SECTION=y diff --git a/configs/imx8mp_venice_defconfig b/configs/imx8mp_venice_defconfig index 730c359779ac..d9c7018eeb8f 100644 --- a/configs/imx8mp_venice_defconfig +++ b/configs/imx8mp_venice_defconfig @@ -32,6 +32,7 @@ CONFIG_OF_BOARD_SETUP=y CONFIG_OF_SYSTEM_SETUP=y CONFIG_USE_PREBOOT=y CONFIG_PREBOOT="gsc wd-disable" +CONFIG_ARCH_MISC_INIT=y CONFIG_BOARD_LATE_INIT=y CONFIG_SPL_MAX_SIZE=0x26000 CONFIG_SPL_HAS_BSS_LINKER_SECTION=y
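
Review bot: The commit message gives probing the CAAM driver as the reason for `+CONFIG_ARCH_MISC_INIT=y`, but none of the three defconfig hunks (imx8mm, imx8mn, imx8mp) shows the CAAM driver itself being enabled, so from this patch alone it is not clear that the new arch_misc_init call has anything to probe on each board. Please say in the commit message which option provides the CAAM driver for these configs (set elsewhere in the defconfig or selected by default) and which feature depends on the probe, so the change can be checked against its stated purpose.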

Prepare for DEK blob encapsulation support through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot.
The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory.
To enable the DEK blob encapsulation, add to the defconfig:
CONFIG_SECURE_BOOT=y
CONFIG_FAT_WRITE=y
CONFIG_CMD_DEKBLOB=y
Taken from NXP's commit 56d2050f4028 ("imx8m: Add DEK blob encapsulation for imx8m").
Signed-off-by: Tim Harvey tharvey@gateworks.com --- arch/arm/dts/imx8mm-venice-u-boot.dtsi | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/arch/arm/dts/imx8mm-venice-u-boot.dtsi b/arch/arm/dts/imx8mm-venice-u-boot.dtsi index 8337c4aea807..b232002b8937 100644 --- a/arch/arm/dts/imx8mm-venice-u-boot.dtsi +++ b/arch/arm/dts/imx8mm-venice-u-boot.dtsi @@ -11,6 +11,13 @@ wdt = <&wdog1>; bootph-pre-ram; }; + + firmware { + optee { + compatible = "linaro,optee-tz"; + method = "smc"; + }; + }; };
&gpio1 {
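
Review bot: The `firmware { optee { ... } }` node in the imx8mm-venice-u-boot.dtsi hunk is added unconditionally, so the `compatible = "linaro,optee-tz"` node is present even in a build where OP-TEE support is not configured; consider guarding it with a preprocessor conditional on the OP-TEE config option. The commit message also does not match the diff: it lists `CONFIG_SECURE_BOOT=y`, `CONFIG_FAT_WRITE=y` and `CONFIG_CMD_DEKBLOB=y` as defconfig additions, while the only change is this device-tree node, and only for imx8mm although patch 1/2 touches imx8mm, imx8mn and imx8mp. Reword the message to describe what this patch changes and state whether the other two boards need the same node.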

Hi Tim,
On Thu, Dec 14, 2023 at 1:25 PM Tim Harvey tharvey@gateworks.com wrote:
> Prepare for DEK blob encapsulation support through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot.
> The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory.
> To enable the DEK blob encapsulation, add to the defconfig:
> CONFIG_SECURE_BOOT=y
This option does not exist.
Do you mean CONFIG_IMX_HAB=y?

On Thu, Dec 14, 2023 at 8:30 AM Fabio Estevam festevam@gmail.com wrote:
> Hi Tim,
> On Thu, Dec 14, 2023 at 1:25 PM Tim Harvey tharvey@gateworks.com wrote:
> > Prepare for DEK blob encapsulation support through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot.
> > The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory.
> > To enable the DEK blob encapsulation, add to the defconfig:
> > CONFIG_SECURE_BOOT=y
> This option does not exist.
> Do you mean CONFIG_IMX_HAB=y?
Fabio,
The commit log details are not valid for upstream. I was basing this off of 8d060e4a66d6884341fbb3d8ab1d837a3f173d47 which made it upstream with the same message.
I can submit a v2 if necessary.
Best Regards,
Tim

Hi Tim,
On Fri, Dec 15, 2023 at 3:34 PM Tim Harvey tharvey@gateworks.com wrote:
> Fabio,
> The commit log details are not valid for upstream. I was basing this off of 8d060e4a66d6884341fbb3d8ab1d837a3f173d47 which made it upstream with the same message.
> I can submit a v2 if necessary.
Yes, please submit a v2 and I will queue this series and the TPM one to u-boot-imx next.
Regards,
Fabio Estevam

On Fri, Dec 15, 2023 at 12:41 PM Fabio Estevam festevam@gmail.com wrote:
> Hi Tim,
> On Fri, Dec 15, 2023 at 3:34 PM Tim Harvey tharvey@gateworks.com wrote:
> > Fabio,
> > The commit log details are not valid for upstream. I was basing this off of 8d060e4a66d6884341fbb3d8ab1d837a3f173d47 which made it upstream with the same message.
> > I can submit a v2 if necessary.
> Yes, please submit a v2 and I will queue this series and the TPM one to u-boot-imx next.
This node appears to already be in the imx8mm-u-boot.dtsi encapsulated by an #ifdef looking for optee. Can this ifdef be expanded to include CONFIG_SECURE_BOOT?
adam
> Regards,
> Fabio Estevam

On Fri, Dec 15, 2023 at 11:06 AM Adam Ford aford173@gmail.com wrote:
> On Fri, Dec 15, 2023 at 12:41 PM Fabio Estevam festevam@gmail.com wrote:
> > Hi Tim,
> > On Fri, Dec 15, 2023 at 3:34 PM Tim Harvey tharvey@gateworks.com wrote:
> > > Fabio,
> > > The commit log details are not valid for upstream. I was basing this off of 8d060e4a66d6884341fbb3d8ab1d837a3f173d47 which made it upstream with the same message.
> > > I can submit a v2 if necessary.
> > Yes, please submit a v2 and I will queue this series and the TPM one to u-boot-imx next.
> This node appears to already be in the imx8mm-u-boot.dtsi encapsulated by an #ifdef looking for optee. Can this ifdef be expanded to include CONFIG_SECURE_BOOT?
Adam,
Thanks for reminding me of that... that was my submission.
This patch just needs to be dropped... it was a remnant from before bb6a4c55363c3 ("arm: dts: imx8mm: move firmware/optee node to common imx8mm-u-boot.dtsi")
I think it makes sense that the firmware/optee node is protected within a CONFIG_OPTEE.
Best Regards,
Tim

On Thu, Dec 14, 2023 at 1:25 PM Tim Harvey tharvey@gateworks.com wrote:
> Enable call to arch_misc_init in order to probe the CAAM driver.
> Signed-off-by: Tim Harvey tharvey@gateworks.com
Applied only this one to u-boot-imx next, thanks.