imx8m: Add DEK blob encapsulation for imx8m

Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
author: Clement Faure <clement.faure@nxp.com> 2021-03-25 17:30:33 +0800
committer: Stefano Babic <sbabic@denx.de> 2021-04-08 20:29:52 +0200
commit: 56d2050f40287fe46757d4cbe69d62a1381c3c64 (patch)
tree: e0306aa0489ba7b4bc923c2c5cc875b03cfabb04 /arch/arm/dts/imx8mp-evk-u-boot.dtsi
parent: 613cf239ed490f900b8f822df4a2d5a1a27d7a47 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/arch/arm/dts/imx8mp-evk-u-boot.dtsi b/arch/arm/dts/imx8mp-evk-u-boot.dtsi
index 6a91404d7b1..27075c5217b 100644
--- a/arch/arm/dts/imx8mp-evk-u-boot.dtsi
+++ b/arch/arm/dts/imx8mp-evk-u-boot.dtsi
@@ -9,6 +9,12 @@
 		wdt = <&wdog1>;
 		u-boot,dm-spl;
 	};
+	firmware {
+		optee {
+			compatible = "linaro,optee-tz";
+			method = "smc";
+		};
+	};
 };
 
 &{/soc@0} {
author	Clement Faure <clement.faure@nxp.com>	2021-03-25 17:30:33 +0800
committer	Stefano Babic <sbabic@denx.de>	2021-04-08 20:29:52 +0200
commit	56d2050f40287fe46757d4cbe69d62a1381c3c64 (patch)
tree	e0306aa0489ba7b4bc923c2c5cc875b03cfabb04 /arch/arm/dts/imx8mp-evk-u-boot.dtsi
parent	613cf239ed490f900b8f822df4a2d5a1a27d7a47 (diff)