Age | Commit message (Collapse) | Author |
|
The mentioned CST PKI tree generation commands are compatible with the
newer versions of the tool, so there is no need to hardcode the CST
version. Add this information in the documentation.
Signed-off-by: Vanessa Maegima <vanessa.maegima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
|
|
Remove AN revisions so it is not needed to update this when new versions are
released.
Signed-off-by: Vanessa Maegima <vanessa.maegima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
|
|
Old file name referred to "cst" instead of "csf".
Fix this.
Signed-off-by: Vanessa Maegima <vanessa.maegima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
|
|
Update SECO event example description to clarify the
error reported.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
(cherry picked from commit 1018252a576697e8f80ab78a1dcb15f1866e1fb8)
|
|
Add AHAB encrypted boot documentation for i.MX8/8x family devices
covering the following topics:
- How to encrypt and sign the 2nd container in flash.bin image.
- How to encrypt and sign a standalone container image.
Include a CSF example to encrypt 2nd container in flash.bin image.
Signed-off-by: Catia Han <yaqian.han@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
(cherry picked from commit dc18ee2c6c06ab9364dc08c70830acc8c6dcceac)
|
|
Commit 28dd37699022("imx8: Clean up targets") in imx-mkimage project
renamed flash_linux target to flash_kernel.
Update AHAB documentation to align with this change.
Reported-by: Frank Zhang <frank.zhang@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
(cherry picked from commit 8713142afd953e89bb6aa460716692fbb0a6a413)
|
|
Since we have changed imx-mkimage flash_spl_container target
to flash_spl, also update it in u-boot ahab document.
Signed-off-by: Ye Li <ye.li@nxp.com>
Acked-by: Peng Fan <peng.fan@nxp.com>
(cherry picked from commit f850d467db9cf3b9b58688b96f1b4d9d8632b07d)
(cherry picked from commit 6b86e3f2f9dd7a29ee817119340ef61efb010cf6)
|
|
Fix a typo in path provided for imx-mkimage iMX8QM and iMX8QXP directories.
Reported-by: Marius Grigoras <marius.grigoras@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
(cherry picked from commit c75243c1a87a10f003377d9c144bcf412ba80440)
(cherry picked from commit ee024325a0a32b248c4ddb4bb04768bcfb933694)
|
|
The commands included in introduction guide should not be used as
reference for programming the SRK Hash fuses as they are in big
endian.
Add a note to avoid a possible mistake.
Reported-by: Clement Le Marquis <clement.lemarquis@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
(cherry picked from commit 137319826cc32d98a9b6890f35dd6670e104c2a5)
(cherry picked from commit 03d49480f73ce62de4f759fe02dfcf82726b8b79)
|
|
Since commit 771b824728ca ("MLK-20919 imx8: ahab: Add command to
close the chip") the U-Boot is able to move the lifecycle from
NXP closed to OEM closed.
Update AHAB guides to use U-Boot ahab_close command instead of SCFW CLI.
As the procedure is now independent of SCFW terminal we can remove
this condition from documentation.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
(cherry picked from commit 6f93d877e1454024f666a4810d24148cf595429e)
(cherry picked from commit 4f6bc59ff94de150611d82b45365d24d356f30ef)
|
|
Since commit cf2acc5b7cde ("MLK-18942-2 imx8: ahab: Add ahab_status
command") the U-Boot is able to display and parse the SECO events.
Update AHAB guides to use U-Boot ahab_status command instead of
SCFW CLI.
Starting in SECO FW v0.2.0 engineering release an invalid image
integrity is logged as an event in open mode. As ahab_status
is able to return this event the note can be removed.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
(cherry picked from commit 385ed19051a47f5858e8d326e5ee97f8a08a679d)
(cherry picked from commit 4a88ca0aecec31d0877d7a620fa796a83387a195)
|
|
i.MX8x SPL targets
The current U-Boot implementation includes SPL targets for i.MX8QM and
i.MXQXP MEK boards:
- imx8qxp_mek_spl_defconfig
- imx8qxp_mek_spl_fspi_defconfig
- imx8qm_mek_spl_defconfig
- imx8qm_mek_spl_fspi_defconfig
The U-Boot proper and ATF are included in an additional container being
necessary a different procedure for signing the flash.bin image.
Add a step-by-step guide covering the signing procedure.
Add a CSF example for the 3rd container.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Frank Zhang <frank.zhang@nxp.com>
Reviewed-by: Marius Grigoras <marius.grigoras@nxp.com>
Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
(cherry picked from commit 04505024d38eebbb5f39133b502c8e450ca40215)
(cherry picked from commit b139f10ccec5c57164f7e07e33984c845ce58b60)
|
|
and 8X families
Add AHAB secure boot step-by-step guide for i.MX8 and i.MX8x families
devices.
Add 3 CSF example files:
- Example to sign flash.bin only using SRK keys.
- Example to sign flash.bin using a subordinate SGK key.
- Example to sign Linux image only using SRK keys.
Signed-off-by: Clement Le Marquis <clement.lemarquis@nxp.com>
Reviewed-by: Frank Zhang <frank.zhang@nxp.com>
Reviewed-by: Marius Grigoras <marius.grigoras@nxp.com>
Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
(cherry picked from commit 7c46caba3b528b0399242f99612e5b094b1a4703)
(cherry picked from commit 20016c156f4f4e618de9eff6f5b1fc6a1c871e2a)
|
|
The AHAB is currently supported in i.MX8QXP and i.MX8QM devices.
Add an introductory document containing the following topics:
- AHAB Secure Boot Architecture
- System Control Unit (SCU) introduction
- Security Controller (SECO) introduction
- i.MX8/8x secure boot flow
- AHAB PKI tree generation
- SRK Table and SRK Hash generation
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Frank Zhang <frank.zhang@nxp.com>
Reviewed-by: Marius Grigoras <marius.grigoras@nxp.com>
Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
(cherry picked from commit 6e9ceb2526bd4a45c6ff669afb086cc3a0627e6b)
(cherry picked from commit d3534f1d0e9a0f777160a4a6732a30a2bb545733)
|