]> git.dujemihanovic.xyz Git - u-boot.git/commit
projects / u-boot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5206f1c) | patch
ARM: dts: imx8mm-verdin: prepare for dek blob encapsulation
authorMarcel Ziswiler <marcel.ziswiler@toradex.com>
Sat, 9 Oct 2021 20:41:05 +0000 (22:41 +0200)
committerStefano Babic <sbabic@denx.de>
Wed, 20 Oct 2021 13:08:25 +0000 (15:08 +0200)
commit8d060e4a66d6884341fbb3d8ab1d837a3f173d47
treed8cbb75fbffa5efd1f246f3e4d9bcfa5d1b2ec39tree | snapshot
parent5206f1ce0c137aab59ddafe89c2a1e8c87189d22commit | diff
ARM: dts: imx8mm-verdin: prepare for dek blob encapsulation

Prepare for DEK blob encapsulation support through "dek_blob" command.
On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob
for encrypted boot.
The DEK blob is encapsulated by OP-TEE through a trusted application
call. U-boot sends and receives the DEK and the DEK blob binaries
through OP-TEE dynamic shared memory.

To enable the DEK blob encapsulation, add to the defconfig:
CONFIG_SECURE_BOOT=y
CONFIG_FAT_WRITE=y
CONFIG_CMD_DEKBLOB=y

Taken from NXP's commit 56d2050f4028 ("imx8m: Add DEK blob encapsulation
for imx8m").

Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
arch/arm/dts/imx8mm-verdin-u-boot.dtsi diff | blob | history
My U-Boot fork