summaryrefslogtreecommitdiff
path: root/arch/arm/include/asm/fsl_secure_boot.h
diff options
context:
space:
mode:
authorUdit Agarwal <udit.agarwal@nxp.com>2017-02-09 21:36:11 +0530
committerYork Sun <york.sun@nxp.com>2017-03-28 09:03:04 -0700
commitac55dadb1cb6a350604affd84e19006984933fa0 (patch)
tree34f3ef01b3639fd4dc939a102ede6804bf4f45e5 /arch/arm/include/asm/fsl_secure_boot.h
parent6d7b9e78f531210fd4dc99d12e81b0df8d8cdae0 (diff)
fsl: Secure Boot: Enable IE (Key extention) Feature
For validating images from uboot (Such as Kernel Image), either keys from SoC fuses can be used or keys from a verified table of public keys can be used. The latter feature is called IE Key Extension Feature. For Layerscape Chasis 3 based platforms, IE table is validated by Bootrom and address of this table is written in scratch registers 13 and 14 via PBI commands. Following are the steps describing usage of this feature: 1) Verify IE Table in ISBC phase using keys stored in fuses. 2) Install IE table. (To be used across verification of multiple images stored in a static global structure.) 3) Use keys from IE table, to verify further images. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
Diffstat (limited to 'arch/arm/include/asm/fsl_secure_boot.h')
-rw-r--r--arch/arm/include/asm/fsl_secure_boot.h6
1 files changed, 3 insertions, 3 deletions
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index 8ef866d740..d98a1e8f89 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -38,11 +38,11 @@
* in boot ROM of the SoC.
* The feature is only applicable in case of NOR boot and is
* not applicable in case of RAMBOOT (NAND, SD, SPI).
+ * For LS, this feature is available for all device if IE Table
+ * is copied to XIP memory
+ * Also, for LS, ISBC doesn't verify this table.
*/
-#ifndef CONFIG_ESBC_HDR_LS
-/* Current Key EXT feature not available in LS ESBC Header */
#define CONFIG_FSL_ISBC_KEY_EXT
-#endif
#endif