review.tizen.org Git - platform/kernel/u-boot.git/commit

author	Clement Faure <clement.faure@nxp.com>
	Thu, 25 Mar 2021 09:30:33 +0000 (17:30 +0800)
committer	Stefano Babic <sbabic@denx.de>
	Thu, 8 Apr 2021 18:29:52 +0000 (20:29 +0200)
commit	56d2050f40287fe46757d4cbe69d62a1381c3c64
tree	e0306aa0489ba7b4bc923c2c5cc875b03cfabb04	tree \| snapshot
parent	613cf239ed490f900b8f822df4a2d5a1a27d7a47	commit \| diff

imx8m: Add DEK blob encapsulation for imx8m

Add DEK blob encapsulation support for IMX8M through "dek_blob" command.
On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob
for encrypted boot.
The DEK blob is encapsulated by OP-TEE through a trusted application call.
U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE
dynamic shared memory.

To enable the DEK blob encapsulation, add to the defconfig:
CONFIG_SECURE_BOOT=y
CONFIG_FAT_WRITE=y
CONFIG_CMD_DEKBLOB=y

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>

arch/arm/dts/imx8mm-evk-u-boot.dtsi		diff \| blob \| history
arch/arm/dts/imx8mn-ddr4-evk-u-boot.dtsi		diff \| blob \| history
arch/arm/dts/imx8mp-evk-u-boot.dtsi		diff \| blob \| history
arch/arm/mach-imx/Kconfig		diff \| blob \| history
arch/arm/mach-imx/cmd_dek.c		diff \| blob \| history
drivers/crypto/fsl/Makefile		diff \| blob \| history
include/fsl_sec.h		diff \| blob \| history