| Message ID | 1556247347-68-1-git-send-email-breno.lima@nxp.com |
|---|---|
| State | Accepted |
| Commit | 0633e134784aba58ee664e9fbcee4afe1588d2be |
| Delegated to: | Stefano Babic |
| Headers | show |
| Series | [U-Boot] imx: hab: Increase CSF_SIZE for i.MX6 and i.MX7 devices | expand |
On Fri, 26 Apr 2019 02:56:48 +0000 Breno Matheus Lima <breno.lima@nxp.com> wrote: > In certain i.MX devices the encrypted boot image is failing to boot. > > According to AN12056 "Encrypted Boot on HABv4 and CAAM Enabled > Devices" it's necessary to pad CSF to 0x2000 and append DEK blob. > > In this case the total image size in boot data structure must cover > the entire binary otherwise the dek_blob won't be copied to memory > and image won't be decrypted. > > Increase CSF_SIZE to 0x4000 to avoid such issue when booting encrypted > boot images. Reviewed-by: Lukasz Majewski <lukma@denx.de> > > Signed-off-by: Breno Lima <breno.lima@nxp.com> > --- > include/configs/mx6_common.h | 2 +- > include/configs/mx7_common.h | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/include/configs/mx6_common.h > b/include/configs/mx6_common.h index 6b20c6db58..2b8ce9d71d 100644 > --- a/include/configs/mx6_common.h > +++ b/include/configs/mx6_common.h > @@ -59,7 +59,7 @@ > > /* Secure boot (HAB) support */ > #ifdef CONFIG_SECURE_BOOT > -#define CONFIG_CSF_SIZE 0x2000 > +#define CONFIG_CSF_SIZE 0x4000 > #ifdef CONFIG_SPL_BUILD > #define CONFIG_SPL_DRIVERS_MISC_SUPPORT > #endif > diff --git a/include/configs/mx7_common.h > b/include/configs/mx7_common.h index cc7e87269e..f3167c51d4 100644 > --- a/include/configs/mx7_common.h > +++ b/include/configs/mx7_common.h > @@ -48,7 +48,7 @@ > > /* Secure boot (HAB) support */ > #ifdef CONFIG_SECURE_BOOT > -#define CONFIG_CSF_SIZE 0x2000 > +#define CONFIG_CSF_SIZE 0x4000 > #ifdef CONFIG_SPL_BUILD > #define CONFIG_SPL_DRIVERS_MISC_SUPPORT > #endif Best regards, Lukasz Majewski -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-59 Fax: (+49)-8142-66989-80 Email: lukma@denx.de
On Thu, Apr 25, 2019 at 11:56 PM Breno Matheus Lima <breno.lima@nxp.com> wrote: > > In certain i.MX devices the encrypted boot image is failing to boot. > > According to AN12056 "Encrypted Boot on HABv4 and CAAM Enabled Devices" > it's necessary to pad CSF to 0x2000 and append DEK blob. > > In this case the total image size in boot data structure must cover the > entire binary otherwise the dek_blob won't be copied to memory and image > won't be decrypted. > > Increase CSF_SIZE to 0x4000 to avoid such issue when booting encrypted > boot images. > > Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <festevam@gmail.com>
diff --git a/include/configs/mx6_common.h b/include/configs/mx6_common.h index 6b20c6db58..2b8ce9d71d 100644 --- a/include/configs/mx6_common.h +++ b/include/configs/mx6_common.h @@ -59,7 +59,7 @@ /* Secure boot (HAB) support */ #ifdef CONFIG_SECURE_BOOT -#define CONFIG_CSF_SIZE 0x2000 +#define CONFIG_CSF_SIZE 0x4000 #ifdef CONFIG_SPL_BUILD #define CONFIG_SPL_DRIVERS_MISC_SUPPORT #endif diff --git a/include/configs/mx7_common.h b/include/configs/mx7_common.h index cc7e87269e..f3167c51d4 100644 --- a/include/configs/mx7_common.h +++ b/include/configs/mx7_common.h @@ -48,7 +48,7 @@ /* Secure boot (HAB) support */ #ifdef CONFIG_SECURE_BOOT -#define CONFIG_CSF_SIZE 0x2000 +#define CONFIG_CSF_SIZE 0x4000 #ifdef CONFIG_SPL_BUILD #define CONFIG_SPL_DRIVERS_MISC_SUPPORT #endif
In certain i.MX devices the encrypted boot image is failing to boot. According to AN12056 "Encrypted Boot on HABv4 and CAAM Enabled Devices" it's necessary to pad CSF to 0x2000 and append DEK blob. In this case the total image size in boot data structure must cover the entire binary otherwise the dek_blob won't be copied to memory and image won't be decrypted. Increase CSF_SIZE to 0x4000 to avoid such issue when booting encrypted boot images. Signed-off-by: Breno Lima <breno.lima@nxp.com> --- include/configs/mx6_common.h | 2 +- include/configs/mx7_common.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)