Commit ff8ab3ff76e0da08e7253ed6446ba8d79e51c0ec
Committed by Ye Li
1 parent 415efc9358
Exists in smarc-imx_v2017.03_o8.1.0_1.3.0_8m and in 1 other branch
Convert CONFIG_CMD_BLOB to Kconfig
This converts the following to Kconfig:
   CONFIG_CMD_BLOB

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Add imply CMD_BLOB under CHAIN_OF_TRUST]
Signed-off-by: Tom Rini <trini@konsulko.com>
[Breno: Backported to v2017.03]
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
(cherry picked from commit 921eb14d54c612680c3e73d9ddf9e1b9f526905f)
Showing 6 changed files with 47 additions and 4 deletions
arch/arm/include/asm/fsl_secure_boot.h
arch/powerpc/include/asm/fsl_secure_boot.h
board/freescale/common/Kconfig
cmd/Kconfig
... | ... | @@ -740,6 +740,51 @@ |
740 | 740 | endmenu |
741 | 741 | |
742 | 742 | menu "Security commands" |
743 | + | |
744 | +config CMD_BLOB | |
745 | + bool "Enable the 'blob' command" | |
746 | + help | |
747 | + This is used with the Freescale secure boot mechanism. | |
748 | + | |
749 | + Freescale's SEC block has built-in Blob Protocol which provides | |
750 | + a method for protecting user-defined data across system power | |
751 | + cycles. SEC block protects data in a data structure called a Blob, | |
752 | + which provides both confidentiality and integrity protection. | |
753 | + | |
754 | + Encapsulating data as a blob | |
755 | + Each time that the Blob Protocol is used to protect data, a | |
756 | + different randomly generated key is used to encrypt the data. | |
757 | + This random key is itself encrypted using a key which is derived | |
758 | + from SoC's non-volatile secret key and a 16 bit Key identifier. | |
759 | + The resulting encrypted key along with encrypted data is called a | |
760 | + blob. The non-volatile secure key is available for use only during | |
761 | + secure boot. | |
762 | + | |
763 | + During decapsulation, the reverse process is performed to get back | |
764 | + the original data. | |
765 | + | |
766 | + Sub-commands: | |
767 | + blob enc - encapsulating data as a cryptgraphic blob | |
768 | + blob dec - decapsulating cryptgraphic blob to get the data | |
769 | + | |
770 | + Syntax: | |
771 | + | |
772 | + blob enc src dst len km | |
773 | + | |
774 | + Encapsulate and create blob of data $len bytes long | |
775 | + at address $src and store the result at address $dst. | |
776 | + $km is the 16 byte key modifier is also required for | |
777 | + generation/use as key for cryptographic operation. Key | |
778 | + modifier should be 16 byte long. | |
779 | + | |
780 | + blob dec src dst len km | |
781 | + | |
782 | + Decapsulate the blob of data at address $src and | |
783 | + store result of $len byte at addr $dst. | |
784 | + $km is the 16 byte key modifier is also required for | |
785 | + generation/use as key for cryptographic operation. Key | |
786 | + modifier should be 16 byte long. | |
787 | + | |
743 | 788 | config CMD_TPM |
744 | 789 | bool "Enable the 'tpm' command" |
745 | 790 | depends on TPM |
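Review bot: the new CMD_BLOB entry has no "depends on" line, although its help text says the command is used with the Freescale secure boot mechanism and relies on the SEC block; the CMD_TPM entry directly below it carries "depends on TPM". Consider adding a dependency on whichever symbol enables the SEC driver, so the command cannot be selected on boards that lack the hardware. The help text also needs a pass before it is frozen into Kconfig: "cryptgraphic" is misspelled in both Sub-commands lines, the sentence "$km is the 16 byte key modifier is also required for" does not parse (it appears under both blob enc and blob dec), and the description refers to a "16 bit Key identifier" while the syntax section requires a 16 byte key modifier, without saying how the two relate. The text also alternates between "non-volatile secret key" and "non-volatile secure key" for what reads as the same key; pick one term. Since the help says that key is available only during secure boot, it would help users to state what blob enc and blob dec do when the board is not in the secure boot state.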
cmd/Makefile
... | ... | @@ -158,9 +158,9 @@ |
158 | 158 | # Power |
159 | 159 | obj-$(CONFIG_CMD_PMIC) += pmic.o |
160 | 160 | obj-$(CONFIG_CMD_REGULATOR) += regulator.o |
161 | -endif # !CONFIG_SPL_BUILD | |
162 | 161 | |
163 | 162 | obj-$(CONFIG_CMD_BLOB) += blob.o |
163 | +endif # !CONFIG_SPL_BUILD | |
164 | 164 | |
165 | 165 | # core command |
166 | 166 | obj-y += nvedit.o |
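Review bot: moving "endif # !CONFIG_SPL_BUILD" below "obj-$(CONFIG_CMD_BLOB) += blob.o" changes what gets built, not just how the option is configured: blob.o was previously outside the !CONFIG_SPL_BUILD block and so was compiled for SPL as well, and after this hunk it is compiled only for non-SPL builds. The commit message describes a pure Kconfig conversion and does not mention this. Please state the reason for the move in the commit message and confirm that no SPL configuration relied on blob.o being linked in.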