On Tue, Sep 17, 2019 at 12:02:15PM +0200, Rouven Czerwinski wrote: > On Tue, 2019-09-17 at 11:13 +0200, Lucas Stach wrote: > > On Di, 2019-09-17 at 10:48 +0200, Rouven Czerwinski wrote: > > > Document the image and load structure for i.MX6 and i.MX8MQ. > > > > > > Signed-off-by: Rouven Czerwinski <r.czerwinski@xxxxxxxxxxxxxx> > > > --- > > > Documentation/boards/imx.rst | 69 > > > ++++++++++++++++++++++++++++++++++++ > > > 1 file changed, 69 insertions(+) > > > > > > diff --git a/Documentation/boards/imx.rst > > > b/Documentation/boards/imx.rst > > > index 71cc6bb09a..7110492eba 100644 > > > --- a/Documentation/boards/imx.rst > > > +++ b/Documentation/boards/imx.rst > > > @@ -142,6 +142,75 @@ It must be included in the board's flash > > > header: > > > > > > Analogous to HABv4 options and a template exist for HABv3. > > > > > > +Secure Boot on i.MX6 > > > +-------------------- > > > + > > > +The secure boot process on i.MX6 consist of the following image > > > constellation:: > > > + > > > + 0x0 +---------------------------------+ > > > + | Barebox Header | > > > + 0x400 +---------------------------------+ - > > > + | i.MX IVT Header | | > > > + | Boot Data +--+ | > > > + | CSF Pointer +--|-+ | Signed Area > > > + +---------------------------------+ | | | > > > + | Device Configuration Data (DCD) | | | | > > > + 0x1000 +---------------------------------+ | | | > > > + | Barebox Prebootloader (PBL) |<-+ | | > > > + +---------------------------------+ | | > > > + | Piggydata (Main Barebox Binary) | | | > > > + +---------------------------------+ | - > > > + | Command Sequence File (CSF) |<---+ > > > + +---------------------------------+ > > > + > > > +Here the Command Sequence File signs the complete Header, PBL and > > > piggy data > > > +file. This ensures that the whole barebox binary is authenticated. > > > This is > > > +possible since the DDR RAM is configured using the DCD and the > > > whole DDR memory > > > +area can be used to load data onto the device for authentication. > > > > That's not a universally true statement for all i.MX6 boards. There > > are > > quite a few that also do the two step loading with PBL in SRAM and > > DRAM > > setup from the PBL. But I'm not sure if and how we want to reflect > > this > > in the documentation. > > Do we even support HAB on these boards? They would require the same > setup as done on the i.MX8MQ currently, I have not looked into boards > in the tree yet. No, we don't have HAB support for these boards. Indeed we would have to do the same as on i.MX8. Maybe that's worth mentioning here. Sascha -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ barebox mailing list barebox@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/barebox
