LFU-573-3 doc: imx8m: Update iMX8M secure boot and encrypted boot doc

Update the documents of iMX8M secure boot and encrypted boot to mention
the hash of FIT FDT and optional FIT FDT signature.
Add the steps for how to sign and generate FIT FDT signature.

Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>

Upstream-Status: Inappropriate [downstream specific]

Upstream U-Boot fixed this differently in combination with binman to
create the final bootcontainer.
Commit 6039e0edc854 ("imx: hab: Simplify the mechanism")

Backport from NXP downstream  [25fdc42caa30faa586a277162ae5373d3e2bc2be]

Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>

1 files changed, 32 insertions, 0 deletions

diff --git a/doc/imx/habv4/csf_examples/mx8m/csf_fit_fdt.txt b/doc/imx/habv4/csf_examples/mx8m/csf_fit_fdt.txt
new file mode 100644
index 0000000000..dd88843dee
--- /dev/null
+++ b/doc/imx/habv4/csf_examples/mx8m/csf_fit_fdt.txt
@@ -0,0 +1,32 @@
+[Header]
+    Version = 4.3
+    Hash Algorithm = sha256
+    Engine = CAAM
+    Engine Configuration = 0
+    Certificate Format = X509
+    Signature Format = CMS
+
+[Install SRK]
+    # Index of the key location in the SRK table to be installed
+    File = "../crts/SRK_1_2_3_4_table.bin"
+    Source index = 0
+
+[Install CSFK]
+    # Key used to authenticate the CSF data
+    File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
+
+[Authenticate CSF]
+
+[Install Key]
+    # Key slot index used to authenticate the key to be installed
+    Verification index = 0
+    # Target key slot in HAB key store where key will be installed
+    Target index = 2
+    # Key to install
+    File = "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
+
+[Authenticate Data]
+    # Key slot index used to authenticate the image data
+    Verification index = 2
+    # Authenticate Start Address, Offset, Length and file
+    Blocks = 0x401fadc0 0x57c00 0x3020 "signed-flash.bin"