summaryrefslogtreecommitdiff
path: root/doc/README.mxc_hab
AgeCommit message (Collapse)Author
2017-01-27README: mxc_hab: Adapt the CONFIG_SECURE_BOOT text to KconfigFabio Estevam
Commit 6e1f4d2652e79 ("arm: imx-common: add SECURE_BOOT option to Kconfig") moved the CONFIG_SECURE_BOOT option to Kconfig, so update the mxc_hab README file to reflect that. Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Gary Bisson <gary.bisson@boundarydevices.com>
2015-05-15Fix mxc_hab documenationUlises Cardenas
It is necessary to modify the configuration file for the target board. It wasn't well documented that to enable any of the secure boot modes, it is required to add CONFIG_SECURE_BOOT to the board configuration file. Also, fixed a typo in the encrypted boot section. Signed-off-by: Ulises Cardenas <Ulises.Cardenas@freescale.com>
2015-04-08Fix mxc_hab documenation for DEK blob generationUlises Cardenas
Include/fsl_sec.h defines sec_in and sec_out, according to the platform's endianess. Therefore, CONFIG_SYS_FSL_LE needs to be declared in the configuration file of the target, in order to use enable the DEK blob generation command. This requirement is not explicit in the README.mxc_hab. Signed-off-by: Ulises Cardenas <Ulises.Cardenas@freescale.com>
2015-03-02imx6: Added DEK blob generator commandRaul Cardenas
Freescale's SEC block has built-in Data Encryption Key(DEK) Blob Protocol which provides a method for protecting a DEK for non-secure memory storage. SEC block protects data in a data structure called a Secret Key Blob, which provides both confidentiality and integrity protection. Every time the blob encapsulation is executed, a AES-256 key is randomly generated to encrypt the DEK. This key is encrypted with the OTP Secret key from SoC. The resulting blob consists of the encrypted AES-256 key, the encrypted DEK, and a 16-bit MAC. During decapsulation, the reverse process is performed to get back the original DEK. A caveat to the blob decapsulation process, is that the DEK is decrypted in secure-memory and can only be read by FSL SEC HW. The DEK is used to decrypt data during encrypted boot. Commands added -------------- dek_blob - encapsulating DEK as a cryptgraphic blob Commands Syntax --------------- dek_blob src dst len Encapsulate and create blob of a len-bits DEK at address src and store the result at address dst. Signed-off-by: Raul Cardenas <Ulises.Cardenas@freescale.com> Signed-off-by: Nitin Garg <nitin.garg@freescale.com> Signed-off-by: Ulises Cardenas <ulises.cardenas@freescale.com> Signed-off-by: Ulises Cardenas-B45798 <Ulises.Cardenas@freescale.com>
2013-10-14Coding Style cleanup: replace leading SPACEs by TABsWolfgang Denk
Signed-off-by: Wolfgang Denk <wd@denx.de> [trini: Drop changes for PEP 4 following python tools] Signed-off-by: Tom Rini <trini@ti.com>
2013-08-31tools: add support for setting the CSF into imximageStefano Babic
Add support for setting the CSF (Command Sequence File) pointer which is used for HAB (High Assurance Boot) in the imximage by adding e.g. CSF 0x2000 in the imximage.cfg file. This will set the CSF pointer accordingly just after the padded data image area. The boot_data.length is adjusted with the value from the imximage.cfg config file. The resulting u-boot.imx can be signed with the FSL HAB tooling. The generated CSF block needs to be appended to the u-boot.imx. Signed-off-by: Stefano Babic <sbabic@denx.de>