scripts: imx: Support encrypted boot with HABv4
.imxcfg configuration files support few more commands, all starting with "hab_encrypt" string. That way it is possible to easily ignore these commands, when image encryption was not requested. Hence, we can use single .imxcfg file to generate signed and encrypted images in the same build. Images are encrypted in place by Freescale Code Signing Tool (cst), using Data Encryption Key (DEK). This key needs to be encapsulated by processor's hardware encryption engine to produce DEK blob, which is unique for each device. DEK blob needs to be part of CSF area, so we make enough space on the end of image to simply append it later, e.g. during device flash procedure. Introduced code was developed and tested on NXP i.MX6UL platform. Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
WIP_next-LS
master
next
stable/v2018.12
v2020.07.0
v2020.06.0
v2020.05.0
v2020.04.0
v2020.03.0
v2020.02.0
v2020.01.0
v2019.12.0
v2019.11.0
v2019.10.0
v2019.09.0
v2019.08.1
v2019.08.0
v2019.07.0
v2019.06.1
v2019.06.0
v2019.05.0
v2019.04.0
v2019.03.0
v2019.02.0
v2019.01.0
v2018.12.0
v2018.11.0
v2018.10.0
|
---|
|
arch/arm/mach-imx/include/mach/habv4-imx6-gencsf.h |
---|
arch/arm/mach-imx/include/mach/imx-header.h |
---|
scripts/imx/imx-image.c |
---|
scripts/imx/imx.c |
---|