From patchwork Wed Aug 25 15:14:34 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marcel Ziswiler X-Patchwork-Id: 1520820 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GvqKy4Ls2z9sW4 for ; Thu, 26 Aug 2021 01:15:33 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 91C6F831BA; Wed, 25 Aug 2021 17:15:25 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=ziswiler.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id A53C482E0A; Wed, 25 Aug 2021 17:15:10 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mout.perfora.net (mout.perfora.net [74.208.4.194]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 6BB8D82E68 for ; Wed, 25 Aug 2021 17:15:05 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=ziswiler.com Authentication-Results: phobos.denx.de; spf=none smtp.mailfrom=marcel@ziswiler.com Received: from toolbox.cardiotech.int ([81.221.236.183]) by mrelay.perfora.net (mreueus002 [74.208.5.2]) with ESMTPSA (Nemesis) id 0MJRQT-1mKpM514CR-00323F; Wed, 25 Aug 2021 17:14:54 +0200 From: Marcel Ziswiler To: u-boot@lists.denx.de Cc: Fabio Estevam , Heiko Thiery , Stefano Babic , Frieder Schrempf , Marcel Ziswiler , "NXP i.MX U-Boot Team" , Simon Glass , Tom Rini Subject: [PATCH v3 03/10] ARM: dts: imx8mm-verdin: prepare for dek blob encapsulation Date: Wed, 25 Aug 2021 17:14:34 +0200 Message-Id: <20210825151441.485419-4-marcel@ziswiler.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20210825151441.485419-1-marcel@ziswiler.com> References: <20210825151441.485419-1-marcel@ziswiler.com> MIME-Version: 1.0 X-Provags-ID: V03:K1:1k7+1ew7HYcvOwaM6HHw2ve79V6QDUUVUWMLrcXhWwOWc7bB5bv 57l7b96S3Z0vtYEq9U6AqiiCPj/qLJJ/wx2XET9So+vzR0R84w+A/ZucylQ/WGHMsMDzrZw xQN5Zxq0qvo1MhVWyxUxHv5NEI17qI7D5xHCF81mMFrPUgv4gg/KQQub4zjd+gvg3HEJHCh 5BNskzPo0R1LZBij3Sdeg== X-UI-Out-Filterresults: notjunk:1;V03:K0:8wjN9Lwpro0=:qvGyE+0lsliiSzeBKXhSVb a6S6ZswKPbhwBSHj6XgPtmoc7WgMafce8djStgtIoNdzP1c6ZRo+C4/r9dJ8RrbeaN2FG4t0u 9tkUfb/+7TbcyN1FvJK6jIeFRmzs3fO+YImvC2mkQDqrROtf4Dh9pIO9F2pVGXMdAh/NNc5C6 AbSqV9H3U2hY0PoLkF0naoN0qkLP1z1sdNdzUgF3qDt9l5qBNbum+VxLAAuUnRoWHQ/SA1go9 SyWaB8legQyfrm1e1qbAEVVFdTpjYriwLQk5GDY5jqzn4bWjoY6xdRRIxRabsuQaopCVMQCPZ painwaYrxXq4MUX/A9tywp1WRlLGMqIZROLMa1A5vj3liRKYtASDCKE2RVlNNY66gGIuPQCiA R47OO8tHu9Uq1Ibdx91XVOwm5Ywlt75joJA5AOrjRi4AKLX7quJWPAyCjrnl15Lo2qqiPj37d x8eyYVRl2hSNdoW+9O4GlqvFAydxfpwRXYfkLCcR2E1p/ZAfh02l/XSB7+KDAa7Et2faAE6Wg 6H972bYiuFUY8dLWpZalhZPk/XDpkRJcrNo5WrRIvuuK3LKKqAp8wUPS0I5qU6Oud1V78rzC1 l1HGUa28KnFWM1uaYJTW7ywQrIWzGc9+OCfPev546QtYoApnIj0x9ttWMrs/4UpuNLJexWED2 eNJ90HXEyr2fQGoQPNIqiUHafqCB6Vza37YMBfNdzuAiEo4I0HFqqPoJgETo30X+etXenYvGn +wp1RY746ZdbEaV6wE+kwZ5ZEUduGQ9i+gbOMQ== X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean From: Marcel Ziswiler Prepare for DEK blob encapsulation support through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Taken from NXP's commit 56d2050f4028 ("imx8m: Add DEK blob encapsulation for imx8m"). Signed-off-by: Marcel Ziswiler Reviewed-by: Fabio Estevam --- (no changes since v1) arch/arm/dts/imx8mm-verdin-u-boot.dtsi | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/arm/dts/imx8mm-verdin-u-boot.dtsi b/arch/arm/dts/imx8mm-verdin-u-boot.dtsi index 67c31c49b6c..a97626fa0c1 100644 --- a/arch/arm/dts/imx8mm-verdin-u-boot.dtsi +++ b/arch/arm/dts/imx8mm-verdin-u-boot.dtsi @@ -6,6 +6,13 @@ #include "imx8mm-u-boot.dtsi" / { + firmware { + optee { + compatible = "linaro,optee-tz"; + method = "smc"; + }; + }; + wdt-reboot { compatible = "wdt-reboot"; wdt = <&wdog1>;