Skip to content

iMX8mm: support Foundries.io secure boot #227

Closed
ldts wants to merge 6 commits intofoundriesio:masterfrom
ldts:imx8mm
Closed

iMX8mm: support Foundries.io secure boot #227
ldts wants to merge 6 commits intofoundriesio:masterfrom
ldts:imx8mm

Conversation

@ldts
Copy link
Copy Markdown
Contributor

@ldts ldts commented Nov 6, 2020
edited
Loading

This PR needs bumping u-boot to: foundriesio/u-boot#31
(check that PR as it contains the required configuration files for uboot and uboot-mfgtool)

  • u-boot.itb images are hashed during build with the meta-lmp keys.
  • the u-boot.itb configuration node is signed with the meta-lmp keys.

==> SPL will validate the signature in u-boot.itb and the hashes

  • spl must be signed separately with the cst script in lmp-manifest/conf/imx_hab4/ if we want it to be validated with HABv4 ROM

Foundries io Secure Boot on iMX

@ldts ldts force-pushed the imx8mm branch 3 times, most recently from effa087 to baa95af Compare November 6, 2020 17:54
@ldts ldts changed the title Imx8mm iMX8mm: support secure boot - split imx-boot image into SPL and uboot.itb and allow the UUU flash them. Nov 6, 2020
ldts added 2 commits November 9, 2020 08:32
@ldts
bsp: imx-mkimage: imx8mm: support SPL and uboot.itb generation
5ee56ab 
Signed-off-by: Jorge Ramirez-Ortiz <[email protected]>
@ldts
bsp: u-boot-fio: install dt-spl and spl-nodtb
d8850f9 
Add spl.dtb and u-boot-nodtb

Signed-off-by: Jorge Ramirez-Ortiz <[email protected]>
@ldts ldts changed the title iMX8mm: support secure boot - split imx-boot image into SPL and uboot.itb and allow the UUU flash them. iMX8mm: support Foundries.io secure boot Nov 9, 2020
ldts
ldts commented Nov 11, 2020
View reviewed changes
Comment thread meta-lmp-bsp/recipes-bsp/imx-mkimage/imx-boot_%.bbappend
bbnote "building ${SOC_TARGET} - ${REV_OPTION} V2X=NO ${target}"
make SOC=${SOC_TARGET} ${REV_OPTION} V2X=NO flash_linux_m4
else
if [ "${MACHINE}" = "imx8mmevk" ]; then
Copy link
Copy Markdown
Contributor Author

@ldts ldts Nov 11, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

instead of this, we should perhaps have IMBOOT_TARGETS=flash_spl defined in its own machine.conf file

@ldts
Copy link
Copy Markdown
Contributor Author

ldts commented Nov 25, 2020

we are going to need this PR if we want to try RPMB at some point (just because it would be good to test in our final incarnation of the release). maybe we could review next week and merge it on the next release?

@igoropaniuk igoropaniuk mentioned this pull request Jan 22, 2021
Closed
@ricardosalveti
Copy link
Copy Markdown
Member

ricardosalveti commented Jan 25, 2021

Closing this one in favor of #254

@mike-scott mike-scott mentioned this pull request Feb 12, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mike-scott mike-scott Awaiting requested review from mike-scott

@ricardosalveti ricardosalveti Awaiting requested review from ricardosalveti

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ldts @ricardosalveti