scripts: imx: Support encrypted boot with HABv4

Fork: 0

LuminaSensum / barebox

Browse code scripts: imx: Support encrypted boot with HABv4 .imxcfg configuration files support few more commands, all starting with "hab_encrypt" string. That way it is possible to easily ignore these commands, when image encryption was not requested. Hence, we can use single .imxcfg file to generate signed and encrypted images in the same build. Images are encrypted in place by Freescale Code Signing Tool (cst), using Data Encryption Key (DEK). This key needs to be encapsulated by processor's hardware encryption engine to produce DEK blob, which is unique for each device. DEK blob needs to be part of CSF area, so we make enough space on the end of image to simply append it later, e.g. during device flash procedure. Introduced code was developed and tested on NXP i.MX6UL platform. Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> WIP_next-LS master next stable/v2018.12 v2020.07.0 v2020.06.0 v2020.05.0 v2020.04.0 v2020.03.0 v2020.02.0 v2020.01.0 v2019.12.0 v2019.11.0 v2019.10.0 v2019.09.0 v2019.08.1 v2019.08.0 v2019.07.0 v2019.06.1 v2019.06.0 v2019.05.0 v2019.04.0 v2019.03.0 v2019.02.0 v2019.01.0 v2018.12.0 v2018.11.0 v2018.10.0
1 parent 529f595 commit c953b05c3a66b72ddf59877168f5efc4c3782c06 Marcin Niestroj authored on 3 Sep 2018 Sascha Hauer committed on 4 Sep 2018

Browse code

.imxcfg configuration files support few more commands, all starting
with "hab_encrypt" string. That way it is possible to easily ignore
these commands, when image encryption was not requested. Hence, we can
use single .imxcfg file to generate signed and encrypted images in the
same build.

Images are encrypted in place by Freescale Code Signing Tool (cst),
using Data Encryption Key (DEK). This key needs to be encapsulated
by processor's hardware encryption engine to produce DEK blob, which
is unique for each device. DEK blob needs to be part of CSF area,
so we make enough space on the end of image to simply append it later,
e.g. during device flash procedure.

Introduced code was developed and tested on NXP i.MX6UL platform.

Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

WIP_next-LS master next stable/v2018.12 v2020.07.0 v2020.06.0 v2020.05.0 v2020.04.0 v2020.03.0 v2020.02.0 v2020.01.0 v2019.12.0 v2019.11.0 v2019.10.0 v2019.09.0 v2019.08.1 v2019.08.0 v2019.07.0 v2019.06.1 v2019.06.0 v2019.05.0 v2019.04.0 v2019.03.0 v2019.02.0 v2019.01.0 v2018.12.0 v2018.11.0 v2018.10.0

1 parent 529f595 commit c953b05c3a66b72ddf59877168f5efc4c3782c06

Marcin Niestroj authored on 3 Sep 2018

Sascha Hauer committed on 4 Sep 2018

Patch

Unified Split

Showing 4 changed files

Ignore Space Show notes View arch/arm/mach-imx/include/mach/habv4-imx6-gencsf.h

Ignore Space Show notes View arch/arm/mach-imx/include/mach/imx-header.h

Ignore Space Show notes View scripts/imx/imx-image.c

Ignore Space Show notes View scripts/imx/imx.c

Show line notes below