Commit 06d607bc6940a784cafb7e9350fa4188872b3b92
Committed by
Ye Li
1 parent
129cb6c823
Exists in
smarc_8mq_lf_v2020.04
and in
4 other branches
MLK-24362-4 doc: imx: habv4: Add information for secure boot in SDP mode
Add references to the UUU documentation on how to perform secure boot in SDP mode. Signed-off-by: Vanessa Maegima <vanessa.maegima@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> (cherry picked from commit 59942641eaef22cbd9993bbdb58f250006d5e15a)
Showing 3 changed files with 31 additions and 10 deletions Side-by-side Diff
doc/imx/habv4/guides/mx6_mx7_secure_boot.txt
... | ... | @@ -342,7 +342,13 @@ |
342 | 342 | | i.MX7ULP | bank 1 word 1 | 0x000000C0 | |
343 | 343 | +--------------+---------------+------------+ |
344 | 344 | |
345 | -2. Extending the root of trust | |
345 | +2. Secure boot in SDP mode | |
346 | +--------------------------- | |
347 | + | |
348 | +For secure boot in SDP mode, please refer to the "HABv4 closed chip support" | |
349 | +chapter in the UUU documentation[3]. | |
350 | + | |
351 | +3. Extending the root of trust | |
346 | 352 | ------------------------------- |
347 | 353 | |
348 | 354 | The High Assurance Boot (HAB) code located in the on-chip ROM provides an |
... | ... | @@ -376,7 +382,7 @@ |
376 | 382 | | Padding (optional) | |
377 | 383 | +-----------------------------+ |
378 | 384 | |
379 | -2.1 Padding the image | |
385 | +3.1 Padding the image | |
380 | 386 | ---------------------- |
381 | 387 | |
382 | 388 | The zImage must be padded to the next boundary address (0x1000), for instance |
... | ... | @@ -389,7 +395,7 @@ |
389 | 395 | $ objcopy -I binary -O binary --pad-to 0x64A000 --gap-fill=0x00 \ |
390 | 396 | zImage zImage_pad.bin |
391 | 397 | |
392 | -2.2 Generating Image Vector Table | |
398 | +3.2 Generating Image Vector Table | |
393 | 399 | ---------------------------------- |
394 | 400 | |
395 | 401 | The HAB code requires an Image Vector Table (IVT) for determining the image |
... | ... | @@ -407,7 +413,7 @@ |
407 | 413 | |
408 | 414 | $ cat zImage_pad.bin ivt.bin > zImage_pad_ivt.bin |
409 | 415 | |
410 | -2.3 Signing the image | |
416 | +3.3 Signing the image | |
411 | 417 | ---------------------- |
412 | 418 | |
413 | 419 | A CSF file has to be created to sign the image. HAB does not allow to change |
... | ... | @@ -425,7 +431,7 @@ |
425 | 431 | |
426 | 432 | $ cat zImage_pad_ivt.bin csf_zImage.bin > zImage_signed.bin |
427 | 433 | |
428 | -2.4 Verifying HAB events | |
434 | +3.4 Verifying HAB events | |
429 | 435 | ------------------------- |
430 | 436 | |
431 | 437 | The U-Boot includes the hab_auth_img command which can be used for |
... | ... | @@ -441,4 +447,5 @@ |
441 | 447 | References: |
442 | 448 | [1] AN4581: "i.MX Secure Boot on HABv4 Supported Devices" |
443 | 449 | [2] AN12263: "HABv4 RVT Guidelines and Recommendations" |
450 | +[3] https://github.com/NXPmicro/mfgtools/releases/ |
doc/imx/habv4/guides/mx6_mx7_spl_secure_boot.txt
... | ... | @@ -176,6 +176,13 @@ |
176 | 176 | mx6_mx7_secure_boot.txt document available under doc/imx/habv4/guides/ |
177 | 177 | directory. |
178 | 178 | |
179 | +2. Secure boot in SDP mode | |
180 | +--------------------------- | |
181 | + | |
182 | +For secure boot in SDP mode, please refer to the "HABv4 closed chip support" | |
183 | +chapter in the UUU documentation[2]. | |
184 | + | |
179 | 185 | References: |
180 | 186 | [1] AN4581: "i.MX Secure Boot on HABv4 Supported Devices" |
187 | +[2] https://github.com/NXPmicro/mfgtools/releases/ |
doc/imx/habv4/guides/mx8m_secure_boot.txt
... | ... | @@ -423,7 +423,13 @@ |
423 | 423 | |
424 | 424 | => fuse prog 1 3 0xC00000 |
425 | 425 | |
426 | -2. Authenticating additional boot images | |
426 | +2. Secure boot in SDP mode | |
427 | +--------------------------- | |
428 | + | |
429 | +For secure boot in SDP mode, please refer to the "HABv4 closed chip support" | |
430 | +chapter in the UUU documentation[3]. | |
431 | + | |
432 | +3. Authenticating additional boot images | |
427 | 433 | ----------------------------------------- |
428 | 434 | |
429 | 435 | The High Assurance Boot (HAB) code located in the on-chip ROM provides an |
... | ... | @@ -461,7 +467,7 @@ |
461 | 467 | | Padding (optional) | |
462 | 468 | +-----------------------------+ |
463 | 469 | |
464 | -2.1 Padding the image | |
470 | +3.1 Padding the image | |
465 | 471 | ---------------------- |
466 | 472 | |
467 | 473 | The Image must be padded to the size specified in the Image header, this can be |
... | ... | @@ -480,7 +486,7 @@ |
480 | 486 | $ objcopy -I binary -O binary --pad-to 0x1455000 --gap-fill=0x00 \ |
481 | 487 | Image Image_pad.bin |
482 | 488 | |
483 | -2.2 Generating Image Vector Table | |
489 | +3.2 Generating Image Vector Table | |
484 | 490 | ---------------------------------- |
485 | 491 | |
486 | 492 | The HAB code requires an Image Vector Table (IVT) for determining the image |
... | ... | @@ -498,7 +504,7 @@ |
498 | 504 | |
499 | 505 | $ cat Image_pad.bin ivt.bin > Image_pad_ivt.bin |
500 | 506 | |
501 | -2.3 Signing the image | |
507 | +3.3 Signing the image | |
502 | 508 | ---------------------- |
503 | 509 | |
504 | 510 | A CSF file has to be created to sign the image. HAB does not allow to change |
... | ... | @@ -515,7 +521,7 @@ |
515 | 521 | |
516 | 522 | $ cat Image_pad_ivt.bin csf_Image.bin > Image_signed.bin |
517 | 523 | |
518 | -2.4 Verifying HAB events | |
524 | +3.4 Verifying HAB events | |
519 | 525 | ------------------------- |
520 | 526 | |
521 | 527 | The U-Boot includes the hab_auth_img command which can be used for |
... | ... | @@ -531,4 +537,5 @@ |
531 | 537 | References: |
532 | 538 | [1] AN4581: "i.MX Secure Boot on HABv4 Supported Devices" |
533 | 539 | [2] AN12212: "Software Solutions for Migration Guide from Aarch32 to Aarch64" |
540 | +[3] https://github.com/NXPmicro/mfgtools/releases/ |
-
mentioned in commit dff60c