diff options
author | Stefano Babic <sbabic@denx.de> | 2013-06-27 11:42:38 +0200 |
---|---|---|
committer | Stefano Babic <sbabic@denx.de> | 2013-08-31 15:06:29 +0200 |
commit | 0187c985aa870a74caeecd3bd10244322b7e4d99 (patch) | |
tree | 5e6a7b86f84be2ba4107e1957e37a81b2500e6d9 /doc/README.imximage | |
parent | 01390aff251e541fcaa77fa6c6e3eee4d7a5554b (diff) | |
download | u-boot-0187c985aa870a74caeecd3bd10244322b7e4d99.tar.gz |
tools: add support for setting the CSF into imximage
Add support for setting the CSF (Command Sequence File) pointer
which is used for HAB (High Assurance Boot) in the imximage by
adding e.g.
CSF 0x2000
in the imximage.cfg file.
This will set the CSF pointer accordingly just after the padded
data image area. The boot_data.length is adjusted with the
value from the imximage.cfg config file.
The resulting u-boot.imx can be signed with the FSL HAB tooling.
The generated CSF block needs to be appended to the u-boot.imx.
Signed-off-by: Stefano Babic <sbabic@denx.de>
Diffstat (limited to 'doc/README.imximage')
-rw-r--r-- | doc/README.imximage | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/doc/README.imximage b/doc/README.imximage index 802eb90f1d..dcda2005af 100644 --- a/doc/README.imximage +++ b/doc/README.imximage @@ -15,9 +15,6 @@ Booting from NOR flash does not require to use this image type. For more details refer Chapter 2 - System Boot and section 2.14 (flash header description) of the processor's manual. -This implementation does not use at the moment the secure boot feature -of the processor. The image is generated disabling all security fields. - Command syntax: -------------- ./tools/mkimage -l <mx u-boot_file> @@ -86,6 +83,33 @@ Configuration command line syntax: Example: BOOT_FROM spi + CSF value + + Total size of CSF (Command Sequence File) + used for Secure Boot/ High Assurance Boot + (HAB). + + Using this command will populate the IVT + (Initial Vector Table) CSF pointer and adjust + the length fields only. The CSF itself needs + to be generated with Freescale tools and + 'manually' appended to the u-boot.imx file. + + The CSF is then simply concatenated + to the u-boot image, making a signed bootloader, + that the processor can verify + if the fuses for the keys are burned. + + Further infos how to configure the SOC to verify + the bootloader can be found in the "High + Assurance Boot Version Application Programming + Interface Reference Manual" as part of the + Freescale Code Signing Tool, available on the + manufacturer's website. + + Example: + CSF 0x2000 + DATA type address value type: word=4, halfword=2, byte=1 |