summaryrefslogtreecommitdiff
path: root/doc/README.imximage
diff options
context:
space:
mode:
authorStefano Babic <sbabic@denx.de>2013-06-27 11:42:38 +0200
committerStefano Babic <sbabic@denx.de>2013-08-31 15:06:29 +0200
commit0187c985aa870a74caeecd3bd10244322b7e4d99 (patch)
tree5e6a7b86f84be2ba4107e1957e37a81b2500e6d9 /doc/README.imximage
parent01390aff251e541fcaa77fa6c6e3eee4d7a5554b (diff)
tools: add support for setting the CSF into imximage
Add support for setting the CSF (Command Sequence File) pointer which is used for HAB (High Assurance Boot) in the imximage by adding e.g. CSF 0x2000 in the imximage.cfg file. This will set the CSF pointer accordingly just after the padded data image area. The boot_data.length is adjusted with the value from the imximage.cfg config file. The resulting u-boot.imx can be signed with the FSL HAB tooling. The generated CSF block needs to be appended to the u-boot.imx. Signed-off-by: Stefano Babic <sbabic@denx.de>
Diffstat (limited to 'doc/README.imximage')
-rw-r--r--doc/README.imximage30
1 files changed, 27 insertions, 3 deletions
diff --git a/doc/README.imximage b/doc/README.imximage
index 802eb90f1de..dcda2005af9 100644
--- a/doc/README.imximage
+++ b/doc/README.imximage
@@ -15,9 +15,6 @@ Booting from NOR flash does not require to use this image type.
For more details refer Chapter 2 - System Boot and section 2.14
(flash header description) of the processor's manual.
-This implementation does not use at the moment the secure boot feature
-of the processor. The image is generated disabling all security fields.
-
Command syntax:
--------------
./tools/mkimage -l <mx u-boot_file>
@@ -86,6 +83,33 @@ Configuration command line syntax:
Example:
BOOT_FROM spi
+ CSF value
+
+ Total size of CSF (Command Sequence File)
+ used for Secure Boot/ High Assurance Boot
+ (HAB).
+
+ Using this command will populate the IVT
+ (Initial Vector Table) CSF pointer and adjust
+ the length fields only. The CSF itself needs
+ to be generated with Freescale tools and
+ 'manually' appended to the u-boot.imx file.
+
+ The CSF is then simply concatenated
+ to the u-boot image, making a signed bootloader,
+ that the processor can verify
+ if the fuses for the keys are burned.
+
+ Further infos how to configure the SOC to verify
+ the bootloader can be found in the "High
+ Assurance Boot Version Application Programming
+ Interface Reference Manual" as part of the
+ Freescale Code Signing Tool, available on the
+ manufacturer's website.
+
+ Example:
+ CSF 0x2000
+
DATA type address value
type: word=4, halfword=2, byte=1