diff options
author | Udit Agarwal <udit.agarwal@nxp.com> | 2017-02-09 21:36:11 +0530 |
---|---|---|
committer | York Sun <york.sun@nxp.com> | 2017-03-28 09:03:04 -0700 |
commit | ac55dadb1cb6a350604affd84e19006984933fa0 (patch) | |
tree | 34f3ef01b3639fd4dc939a102ede6804bf4f45e5 /arch/arm/include/asm/fsl_secure_boot.h | |
parent | 6d7b9e78f531210fd4dc99d12e81b0df8d8cdae0 (diff) |
fsl: Secure Boot: Enable IE (Key extention) Feature
For validating images from uboot (Such as Kernel Image), either keys
from SoC fuses can be used or keys from a verified table of public
keys can be used. The latter feature is called IE Key Extension
Feature.
For Layerscape Chasis 3 based platforms, IE table is validated by
Bootrom and address of this table is written in scratch registers 13
and 14 via PBI commands.
Following are the steps describing usage of this feature:
1) Verify IE Table in ISBC phase using keys stored in fuses.
2) Install IE table. (To be used across verification of multiple
images stored in a static global structure.)
3) Use keys from IE table, to verify further images.
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Diffstat (limited to 'arch/arm/include/asm/fsl_secure_boot.h')
-rw-r--r-- | arch/arm/include/asm/fsl_secure_boot.h | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index 8ef866d740..d98a1e8f89 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -38,11 +38,11 @@ * in boot ROM of the SoC. * The feature is only applicable in case of NOR boot and is * not applicable in case of RAMBOOT (NAND, SD, SPI). + * For LS, this feature is available for all device if IE Table + * is copied to XIP memory + * Also, for LS, ISBC doesn't verify this table. */ -#ifndef CONFIG_ESBC_HDR_LS -/* Current Key EXT feature not available in LS ESBC Header */ #define CONFIG_FSL_ISBC_KEY_EXT -#endif #endif |