16 May, 2015

1 commit

  • It is necessary to modify the configuration file for the target
    board. It wasn't well documented that to enable any of the secure
    boot modes, it is required to add CONFIG_SECURE_BOOT to the board
    configuration file.

    Also, fixed a typo in the encrypted boot section.

    Signed-off-by: Ulises Cardenas

    Ulises Cardenas
     

08 Apr, 2015

1 commit

  • Include/fsl_sec.h defines sec_in and sec_out, according to the
    platform's endianness. Therefore, CONFIG_SYS_FSL_LE needs to be
    declared in the configuration file of the target, in order to
    enable the DEK blob generation command. This requirement is not
    explicit in the README.mxc_hab.

    Signed-off-by: Ulises Cardenas

    Ulises Cardenas
     

02 Mar, 2015

1 commit

  • Freescale's SEC block has built-in Data Encryption
    Key (DEK) Blob Protocol which provides a method for
    protecting a DEK for non-secure memory storage.
    SEC block protects data in a data structure called
    a Secret Key Blob, which provides both confidentiality
    and integrity protection.
    Every time the blob encapsulation is executed,
    an AES-256 key is randomly generated to encrypt the DEK.
    This key is encrypted with the OTP Secret key
    from SoC. The resulting blob consists of the encrypted
    AES-256 key, the encrypted DEK, and a 16-bit MAC.

    During decapsulation, the reverse process is performed
    to get back the original DEK. A caveat to the blob
    decapsulation process is that the DEK is decrypted
    in secure memory and can only be read by FSL SEC HW.
    The DEK is used to decrypt data during encrypted boot.

    Commands added
    --------------
    dek_blob - encapsulating DEK as a cryptographic blob

    Commands Syntax
    ---------------
    dek_blob src dst len

    Encapsulate and create blob of a len-bits DEK at
    address src and store the result at address dst.

    Signed-off-by: Raul Cardenas
    Signed-off-by: Nitin Garg

    Signed-off-by: Ulises Cardenas

    Signed-off-by: Ulises Cardenas-B45798

    Raul Cardenas
     

15 Oct, 2013

1 commit


31 Aug, 2013

1 commit

  • Add support for setting the CSF (Command Sequence File) pointer
    which is used for HAB (High Assurance Boot) in the imximage by
    adding e.g.

    CSF 0x2000

    in the imximage.cfg file.

    This will set the CSF pointer accordingly just after the padded
    data image area. The boot_data.length is adjusted with the
    value from the imximage.cfg config file.

    The resulting u-boot.imx can be signed with the FSL HAB tooling.
    The generated CSF block needs to be appended to the u-boot.imx.

    Signed-off-by: Stefano Babic

    Stefano Babic