imx8m: Add DEK blob encapsulation for imx8m

Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
author: Clement Faure <clement.faure@nxp.com> 2021-03-25 17:30:33 +0800
committer: Stefano Babic <sbabic@denx.de> 2021-04-08 20:29:52 +0200
commit: 56d2050f40287fe46757d4cbe69d62a1381c3c64 (patch)
tree: e0306aa0489ba7b4bc923c2c5cc875b03cfabb04 /drivers/crypto
parent: 613cf239ed490f900b8f822df4a2d5a1a27d7a47 (diff)
download: u-boot-56d2050f40287fe46757d4cbe69d62a1381c3c64.tar.gz
1 files changed, 1 insertions, 2 deletions
diff --git a/drivers/crypto/fsl/Makefile b/drivers/crypto/fsl/Makefile
index eb689c1b9f..f9c3ccecfc 100644
--- a/drivers/crypto/fsl/Makefile
+++ b/drivers/crypto/fsl/Makefile
@@ -4,8 +4,7 @@
 
 obj-y += sec.o
 obj-$(CONFIG_FSL_CAAM) += jr.o fsl_hash.o jobdesc.o error.o
-obj-$(CONFIG_CMD_BLOB) += fsl_blob.o
-obj-$(CONFIG_CMD_DEKBLOB) += fsl_blob.o
+obj-$(CONFIG_CMD_BLOB)$(CONFIG_IMX_CAAM_DEK_ENCAP) += fsl_blob.o
 obj-$(CONFIG_RSA_FREESCALE_EXP) += fsl_rsa.o
 obj-$(CONFIG_FSL_CAAM_RNG) += rng.o
 obj-$(CONFIG_FSL_MFGPROT) += fsl_mfgprot.o
author	Clement Faure <clement.faure@nxp.com>	2021-03-25 17:30:33 +0800
committer	Stefano Babic <sbabic@denx.de>	2021-04-08 20:29:52 +0200
commit	56d2050f40287fe46757d4cbe69d62a1381c3c64 (patch)
tree	e0306aa0489ba7b4bc923c2c5cc875b03cfabb04 /drivers/crypto
parent	613cf239ed490f900b8f822df4a2d5a1a27d7a47 (diff)
download	u-boot-56d2050f40287fe46757d4cbe69d62a1381c3c64.tar.gz