From patchwork Mon Apr 20 18:47:58 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ulises.Cardenas@freescale.com X-Patchwork-Id: 462898 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from theia.denx.de (theia.denx.de [85.214.87.163]) by ozlabs.org (Postfix) with ESMTP id 3DA6C1400A0 for ; Tue, 21 Apr 2015 06:25:19 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 940C8A742D; Mon, 20 Apr 2015 22:25:15 +0200 (CEST) Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DQO3pLVKN_MG; Mon, 20 Apr 2015 22:25:15 +0200 (CEST) Received: from theia.denx.de (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id DAA8EA7423; Mon, 20 Apr 2015 22:25:14 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id B21B8A7423 for ; Mon, 20 Apr 2015 22:25:11 +0200 (CEST) Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h0n7xfhGz0lS for ; Mon, 20 Apr 2015 22:25:11 +0200 (CEST) X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 (only DNSBL check requested) Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0139.outbound.protection.outlook.com [65.55.169.139]) by theia.denx.de (Postfix) with ESMTPS id 36A04A7422 for ; Mon, 20 Apr 2015 22:25:07 +0200 (CEST) Received: from BY2PR03CA076.namprd03.prod.outlook.com (10.141.249.49) by BLUPR03MB344.namprd03.prod.outlook.com (10.141.48.24) with Microsoft SMTP Server (TLS) id 15.1.136.17; Mon, 20 Apr 2015 18:51:25 +0000 Received: from BN1BFFO11FD025.protection.gbl (2a01:111:f400:7c10::1:131) by BY2PR03CA076.outlook.office365.com (2a01:111:e400:2c5d::49) with Microsoft SMTP Server (TLS) id 15.1.136.25 via Frontend Transport; Mon, 20 Apr 2015 18:51:25 +0000 Authentication-Results: spf=fail (sender IP is 192.88.158.2) smtp.mailfrom=freescale.com; freescale.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none; Received-SPF: Fail (protection.outlook.com: domain of freescale.com does not designate 192.88.158.2 as permitted sender) receiver=protection.outlook.com; client-ip=192.88.158.2; helo=az84smr01.freescale.net; Received: from az84smr01.freescale.net (192.88.158.2) by BN1BFFO11FD025.mail.protection.outlook.com (10.58.144.88) with Microsoft SMTP Server (TLS) id 15.1.148.11 via Frontend Transport; Mon, 20 Apr 2015 18:51:24 +0000 Received: from helix.am.freescale.net (helix.am.freescale.net [10.81.16.42]) by az84smr01.freescale.net (8.14.3/8.14.0) with ESMTP id t3KIpM3W003776; Mon, 20 Apr 2015 11:51:22 -0700 From: To: Date: Mon, 20 Apr 2015 13:47:58 -0500 Message-ID: <1429555678-27537-1-git-send-email-Ulises.Cardenas@freescale.com> X-Mailer: git-send-email 2.3.2 X-EOPAttributedMessage: 0 X-Forefront-Antispam-Report: CIP:192.88.158.2; CTRY:US; IPV:NLI; EFV:NLI; BMV:1; SFV:NSPM; SFS:(10019020)(6009001)(339900001)(189002)(199003)(50986999)(36756003)(46102003)(62966003)(77096005)(77156002)(86152002)(48376002)(92566002)(85426001)(104016003)(86362001)(229853001)(50226001)(47776003)(105606002)(19580405001)(110136001)(2351001)(6806004)(19580395003)(87936001)(50466002)(106466001)(4001430100001)(4001450100001); DIR:OUT; SFP:1102; SCL:1; SRVR:BLUPR03MB344; H:az84smr01.freescale.net; FPR:; SPF:Fail; MLV:sfv; MX:1; A:1; LANG:en; MIME-Version: 1.0 X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BLUPR03MB344; X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(5002010)(5005006); SRVR:BLUPR03MB344; BCL:0; PCL:0; RULEID:; SRVR:BLUPR03MB344; X-Forefront-PRVS: 05529C6FDB X-OriginatorOrg: freescale.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Apr 2015 18:51:24.5200 (UTC) X-MS-Exchange-CrossTenant-Id: 710a03f5-10f6-4d38-9ff4-a80b81da590d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=710a03f5-10f6-4d38-9ff4-a80b81da590d; Ip=[192.88.158.2]; Helo=[az84smr01.freescale.net] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR03MB344 Cc: u-boot@lists.denx.de, Ulises Cardenas Subject: [U-Boot] [PATCH] Fix mxc_hab documenation X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.15 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" From: Ulises Cardenas It is necessary to modify the configuration file for the target board. It wasn't well documented that to enable any of the secure boot modes, it is required to add CONFIG_SECURE_BOOT to the board configuration file. Also, fixed a typo in the encrypted boot section. Signed-off-by: Ulises Cardenas --- doc/README.mxc_hab | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/doc/README.mxc_hab b/doc/README.mxc_hab index a1b1d34..b688580 100644 --- a/doc/README.mxc_hab +++ b/doc/README.mxc_hab @@ -1,7 +1,13 @@ High Assurance Boot (HAB) for i.MX6 CPUs -To authenticate U-Boot only by the CPU there is no code required in -U-Boot itself. However, the U-Boot image to be programmed into the +To enable the authenticated or encrypted boot mode of U-Boot, it is +required to set the proper configuration for the target board. This +is done by adding the following configuration in in the proper config +file (e.g. include/configs/mx6qarm2.h) + +#define CONFIG_SECURE_BOOT + +In addition, the U-Boot image to be programmed into the boot media needs to be properly constructed, i.e. it must contain a proper Command Sequence File (CSF). @@ -69,7 +75,7 @@ CONFIG_SECURE_BOOT CONFIG_SYS_FSL_SEC_COMPAT 4 /* HAB version */ CONFIG_FSL_CAAM CONFIG_CMD_DEKBLOB -CONFIG_SYS_FSL_LE +CONFIG_SYS_FSL_SEC_LE Note: The encrypted boot feature is only supported by HABv4 or greater.