From 15b505b0553da2d8a99ae5c1d14968e87f5c6bef Mon Sep 17 00:00:00 2001
From: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Date: Sun, 6 Nov 2016 16:37:55 +0100
Subject: arm: imx: add HAB authentication of image to SPL boot

When using HAB as secure boot mechanism on Wandboard, the chain of
trust breaks immediately after the SPL. As this is not checking
the authenticity of the loaded image before jumping to it.

The HAB status output will not be implemented in SPL as it adds
a lot of strings that are only required in debug cases. With those
it exceeds the maximum size of the available OCRAM (69 KiB).

The SPL MISC driver support must be enabled, so that the driver can use OTP fuse
to check if HAB is enabled.

Cc: sbabic@denx.de

v2-Changes: None

Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
Tested-by: George McCollister <george.mccollister@gmail.com>
---
 arch/arm/imx-common/spl_sd.cfg | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'arch/arm/imx-common/spl_sd.cfg')

diff --git a/arch/arm/imx-common/spl_sd.cfg b/arch/arm/imx-common/spl_sd.cfg
index 5fc3e8af38..14c135c549 100644
--- a/arch/arm/imx-common/spl_sd.cfg
+++ b/arch/arm/imx-common/spl_sd.cfg
@@ -4,5 +4,15 @@
  * SPDX-License-Identifier:	GPL-2.0+
  */
 
+#define __ASSEMBLY__
+#include <config.h>
+
 IMAGE_VERSION	2
 BOOT_FROM	sd
+
+/*
+ * Secure boot support
+ */
+#ifdef CONFIG_SECURE_BOOT
+CSF CONFIG_CSF_SIZE
+#endif
\ No newline at end of file
-- 
cgit