u-boot.git/doc/imx/habv4, branch master Unnamed repository; edit this file 'description' to name the repository. imx: hab: fix srktool -c usage by removing spaces 2024-12-16T17:35:58+00:00 Christoph Fritz chf.fritz@googlemail.com 2024-12-16T14:59:00+00:00 7cf57825eb4366a474ee0a13ef690d460f8c4775 The srktool option -c does not allow spaces between certificate filenames. Only commas (',') should separate the filenames. If spaces are incorrectly included, srktool will not display an error or warning message but will only process the first certificate in the list. So adapt documentation accordingly. Signed-off-by: Christoph Fritz <chf.fritz@googlemail.com> 
The srktool option -c does not allow spaces between certificate
filenames. Only commas (',') should separate the filenames. If spaces
are incorrectly included, srktool will not display an error or warning
message but will only process the first certificate in the list.

So adapt documentation accordingly.

Signed-off-by: Christoph Fritz <chf.fritz@googlemail.com>
imx: hab: add documentation about the required keys/certs 2024-05-24T14:33:15+00:00 Claudius Heine ch@denx.de 2024-05-16T08:36:14+00:00 7457dc6f183303aaf2d58fff0a622e6791aba33c For CST to find the certificates and keys for signing, some keys and certs need to be copied into the u-boot build directory. Signed-off-by: Claudius Heine <ch@denx.de> 
For CST to find the certificates and keys for signing, some keys and
certs need to be copied into the u-boot build directory.

Signed-off-by: Claudius Heine <ch@denx.de>
imx: hab: Use nxp_imx8mcst etype for i.MX8M flash.bin signing 2024-05-24T14:22:02+00:00 Marek Vasut marex@denx.de 2024-05-21T10:48:26+00:00 52dc74feab49f5f0641b9662a06fe98a66a5c437 Update documentation and use nxp_imx8mcst binman etype for signing of flash.bin instead of previous horrible shell scripting. Reviewed-by: Tim Harvey <tharvey@gateworks.com> Signed-off-by: Marek Vasut <marex@denx.de> 
Update documentation and use nxp_imx8mcst binman etype for signing
of flash.bin instead of previous horrible shell scripting.

Reviewed-by: Tim Harvey <tharvey@gateworks.com>
Signed-off-by: Marek Vasut <marex@denx.de>
mx8m: csf.sh: pad csf blob for u-boot.itb to CSF_SIZE minus IVT header 2023-10-16T06:46:01+00:00 Rasmus Villemoes rasmus.villemoes@prevas.dk 2023-09-20T10:33:52+00:00 89f19f45d65019606374289b3444e08c3393e2b1 When built with CONFIG_IMX_HAB, the full FIT image, including stuff tacked on beyond the end of the fdt structure, is expected to be (fdt size rounded up to 0x1000 boundary)+CONFIG_CSF_SIZE. Now, when the FIT image is loaded from a storage device, it doesn't really matter that the flash.bin that gets written to target isn't quite that big - we will just load some garbage bytes that are never read or used for anything. But when flash.bin is uploaded via uuu, it's important that we actually serve at least as many bytes as the target expects, or we will hang in rom_api_download_image(). Extend the logic in the csf.sh script so that the csf blob is padded to CONFIG_CSF_SIZE minus the size of the IVT header. Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk> Reviewed-by: Fabio Estevam <festevam@denx.de> Reviewed-by: Marek Vasut <marex@denx.de> 
When built with CONFIG_IMX_HAB, the full FIT image, including stuff
tacked on beyond the end of the fdt structure, is expected to be (fdt
size rounded up to 0x1000 boundary)+CONFIG_CSF_SIZE.

Now, when the FIT image is loaded from a storage device, it doesn't
really matter that the flash.bin that gets written to target isn't
quite that big - we will just load some garbage bytes that are never
read or used for anything. But when flash.bin is uploaded via uuu,
it's important that we actually serve at least as many bytes as the
target expects, or we will hang in rom_api_download_image().

Extend the logic in the csf.sh script so that the csf blob is padded
to CONFIG_CSF_SIZE minus the size of the IVT header.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Marek Vasut <marex@denx.de>
imx: hab: Use CONFIG_SPL_LOAD_FIT_ADDRESS in the CSF example 2023-10-16T06:46:01+00:00 Marek Vasut marex@denx.de 2023-08-31T14:56:03+00:00 97535e6b3a33cad6d343130399dd934d367cb530 The SPL authenticates image starting from CONFIG_SPL_LOAD_FIT_ADDRESS address, update the csf_fit.txt to match. Signed-off-by: Marek Vasut <marex@denx.de> Reviewed-by: Fabio Estevam <festevam@denx.de> 
The SPL authenticates image starting from CONFIG_SPL_LOAD_FIT_ADDRESS
address, update the csf_fit.txt to match.

Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Fabio Estevam <festevam@denx.de>
doc: csf_examples: csf.sh: Remove unneeded export ATF_LOAD_ADDR line 2023-08-19T02:12:53+00:00 Fabio Estevam festevam@denx.de 2023-08-15T13:48:01+00:00 951d63000e2daf8b128139cfed343fe2b2da5a93 Originally, exporting the ATF_LOAD_ADDR was required, but since binman has been used to generate the flash.bin, it is no longer needed to do such manual export. The ATF address is now passed via binman. Remove the unneeded export ATF_LOAD_ADDR line. Signed-off-by: Fabio Estevam <festevam@denx.de> 
Originally, exporting the ATF_LOAD_ADDR was required, but since binman has
been used to generate the flash.bin, it is no longer needed to do
such manual export.

The ATF address is now passed via binman.

Remove the unneeded export ATF_LOAD_ADDR line.

Signed-off-by: Fabio Estevam <festevam@denx.de>
mx8m: csf.sh: use vars for keys to avoid file edits when signing 2023-07-13T09:29:40+00:00 Tim Harvey tharvey@gateworks.com 2023-06-15T15:21:08+00:00 ff1dd520243320259b654065821b0f5cdea9f551 The csf_spl.txt and csf_fit.txt templates contain file paths which must be edited for the location of your NXP CST generated key files. Streamline the process of signing an image by assigning unique var names to these which can be expended from env variables in the csf.sh script. The following vars are used: SRK_TABLE - full path to SRK_1_2_3_4_table.bin CSF_KEY - full path to the CSF Key CSF1_1_sha256_4096_65537_v3_usr_crt.pem IMG_KEY - full path to the IMG Key IMG1_1_sha256_4096_65537_v3_usr_crt.pem Additionally provide an example of running the csf.sh script. Signed-off-by: Tim Harvey <tharvey@gateworks.com> Reviewed-by: Fabio Estevam <festevam@denx.de> Reviewed-by: Peng Fan <peng.fan@nxp.com> 
The csf_spl.txt and csf_fit.txt templates contain file paths which must
be edited for the location of your NXP CST generated key files.

Streamline the process of signing an image by assigning unique var names
to these which can be expended from env variables in the csf.sh script.

The following vars are used:
 SRK_TABLE - full path to SRK_1_2_3_4_table.bin
 CSF_KEY - full path to the CSF Key CSF1_1_sha256_4096_65537_v3_usr_crt.pem
 IMG_KEY - full path to the IMG Key IMG1_1_sha256_4096_65537_v3_usr_crt.pem

Additionally provide an example of running the csf.sh script.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
doc: imx: habv4: Fix typo in 'signing' 2023-07-03T14:20:13+00:00 Fabio Estevam festevam@denx.de 2023-06-29T19:25:31+00:00 f5d98b01e10f05a823f3f5821c729198e56ebdbb Fix two occurrences where 'signing' is misspelled. Signed-off-by: Fabio Estevam <festevam@denx.de> Reviewed-by: Tim Harvey <tharvey@gateworks.com> 
Fix two occurrences where 'signing' is misspelled.

Signed-off-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Tim Harvey <tharvey@gateworks.com>
imx: hab: Simplify the mechanism 2023-06-24T17:47:02+00:00 Marek Vasut marex@denx.de 2023-05-28T21:00:30+00:00 6039e0edc8540bd2abee780549b260bdaf089168 The current mechanism is unnecessarily complex. Simplify the whole mechanism such that the entire fitImage is signed, IVT is placed at the end, followed by CSF, and this entire bundle is also authenticated. This makes the signing scripting far simpler. Signed-off-by: Marek Vasut <marex@denx.de> 
The current mechanism is unnecessarily complex. Simplify the whole mechanism
such that the entire fitImage is signed, IVT is placed at the end, followed
by CSF, and this entire bundle is also authenticated. This makes the signing
scripting far simpler.

Signed-off-by: Marek Vasut <marex@denx.de>
Rename CONFIG_SYS_TEXT_BASE to CONFIG_TEXT_BASE 2022-10-31T15:01:31+00:00 Simon Glass sjg@chromium.org 2022-10-21T00:22:39+00:00 984639039f4cfe32ec2cc531d6ace05326ac49eb The current name is inconsistent with SPL which uses CONFIG_SPL_TEXT_BASE and this makes it imposible to use CONFIG_VAL(). Rename it to resolve this problem. Signed-off-by: Simon Glass <sjg@chromium.org> 
The current name is inconsistent with SPL which uses CONFIG_SPL_TEXT_BASE
and this makes it imposible to use CONFIG_VAL().

Rename it to resolve this problem.

Signed-off-by: Simon Glass <sjg@chromium.org>