From: Marcel Ziswiler Date: Sat, 9 Oct 2021 20:41:05 +0000 (+0200) Subject: ARM: dts: imx8mm-verdin: prepare for dek blob encapsulation X-Git-Url: http://git.dujemihanovic.xyz/img/sics.gif?a=commitdiff_plain;h=8d060e4a66d6884341fbb3d8ab1d837a3f173d47;p=u-boot.git ARM: dts: imx8mm-verdin: prepare for dek blob encapsulation Prepare for DEK blob encapsulation support through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Taken from NXP's commit 56d2050f4028 ("imx8m: Add DEK blob encapsulation for imx8m"). Signed-off-by: Marcel Ziswiler Reviewed-by: Fabio Estevam --- diff --git a/arch/arm/dts/imx8mm-verdin-u-boot.dtsi b/arch/arm/dts/imx8mm-verdin-u-boot.dtsi index 67c31c49b6..a97626fa0c 100644 --- a/arch/arm/dts/imx8mm-verdin-u-boot.dtsi +++ b/arch/arm/dts/imx8mm-verdin-u-boot.dtsi @@ -6,6 +6,13 @@ #include "imx8mm-u-boot.dtsi" / { + firmware { + optee { + compatible = "linaro,optee-tz"; + method = "smc"; + }; + }; + wdt-reboot { compatible = "wdt-reboot"; wdt = <&wdog1>;