#
ea701eeb |
|
25-Apr-2024 |
Marek Vasut <marex@denx.de> |
crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea701eeb |
|
25-Apr-2024 |
Marek Vasut <marex@denx.de> |
crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea701eeb |
|
25-Apr-2024 |
Marek Vasut <marex@denx.de> |
crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea701eeb |
|
25-Apr-2024 |
Marek Vasut <marex@denx.de> |
crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea701eeb |
|
25-Apr-2024 |
Marek Vasut <marex@denx.de> |
crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea701eeb |
|
25-Apr-2024 |
Marek Vasut <marex@denx.de> |
crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea701eeb |
|
25-Apr-2024 |
Marek Vasut <marex@denx.de> |
crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea701eeb |
|
25-Apr-2024 |
Marek Vasut <marex@denx.de> |
crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea701eeb |
|
25-Apr-2024 |
Marek Vasut <marex@denx.de> |
crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea701eeb |
|
25-Apr-2024 |
Marek Vasut <marex@denx.de> |
crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea701eeb |
|
25-Apr-2024 |
Marek Vasut <marex@denx.de> |
crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea701eeb |
|
25-Apr-2024 |
Marek Vasut <marex@denx.de> |
crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea701eeb |
|
25-Apr-2024 |
Marek Vasut <marex@denx.de> |
crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea701eeb |
|
25-Apr-2024 |
Marek Vasut <marex@denx.de> |
crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea701eeb |
|
25-Apr-2024 |
Marek Vasut <marex@denx.de> |
crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea701eeb |
|
25-Apr-2024 |
Marek Vasut <marex@denx.de> |
crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea701eeb |
|
25-Apr-2024 |
Marek Vasut <marex@denx.de> |
crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea701eeb |
|
25-Apr-2024 |
Marek Vasut <marex@denx.de> |
crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea701eeb |
|
25-Apr-2024 |
Marek Vasut <marex@denx.de> |
crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea701eeb |
|
25-Apr-2024 |
Marek Vasut <marex@denx.de> |
crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea701eeb |
|
25-Apr-2024 |
Marek Vasut <marex@denx.de> |
crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea701eeb |
|
25-Apr-2024 |
Marek Vasut <marex@denx.de> |
crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea701eeb |
|
25-Apr-2024 |
Marek Vasut <marex@denx.de> |
crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea701eeb |
|
25-Apr-2024 |
Marek Vasut <marex@denx.de> |
crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea701eeb |
|
25-Apr-2024 |
Marek Vasut <marex@denx.de> |
crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
0d795c35 |
|
22-Dec-2022 |
Kshitiz Varshney <kshitiz.varshney@nxp.com> |
Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
56d2050f |
|
25-Mar-2021 |
Clement Faure <clement.faure@nxp.com> |
imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
30e39ac7 |
|
25-Mar-2021 |
Breno Lima <breno.lima@nxp.com> |
imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
4c2cf973 |
|
03-Sep-2017 |
Clemens Gruber <clemens.gruber@pqgruber.com> |
crypto/fsl: fix obj-yy in Makefile When enabling CONFIG_CMD_BLOB and/or CONFIG_CMD_DEKBLOB, the build fails with a linker error: ... LD u-boot arch/arm/mach-imx/built-in.o: In function `blob_encap_dek': /home/clemens/dev/u-boot/arch/arm/mach-imx/cmd_dek.c:46: undefined reference to `blob_dek' This is due to an error in the Makefile, resulting in obj-yy/obj-yn/.. and fsl_blob.o is therefore not linked. Fix it by splitting it up into two obj-y lines. Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
|
#
057c2200 |
|
26-Jul-2015 |
Ruchika Gupta <ruchika.gupta@freescale.com> |
Correct License and Copyright information on few files gpio.h - Added missing copyright in few files. rsa-mod-exp.h - Corrected copyright in the file. fsl_sec.h - Added missing license in files drivers/crypto/fsl/Makefile - Removed the incomplete GPLv2 license and replaced it with GPLv2+ license Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
|
#
0200020b |
|
27-Feb-2015 |
Raul Cardenas <Ulises.Cardenas@freescale.com> |
imx6: Added DEK blob generator command Freescale's SEC block has built-in Data Encryption Key(DEK) Blob Protocol which provides a method for protecting a DEK for non-secure memory storage. SEC block protects data in a data structure called a Secret Key Blob, which provides both confidentiality and integrity protection. Every time the blob encapsulation is executed, a AES-256 key is randomly generated to encrypt the DEK. This key is encrypted with the OTP Secret key from SoC. The resulting blob consists of the encrypted AES-256 key, the encrypted DEK, and a 16-bit MAC. During decapsulation, the reverse process is performed to get back the original DEK. A caveat to the blob decapsulation process, is that the DEK is decrypted in secure-memory and can only be read by FSL SEC HW. The DEK is used to decrypt data during encrypted boot. Commands added -------------- dek_blob - encapsulating DEK as a cryptgraphic blob Commands Syntax --------------- dek_blob src dst len Encapsulate and create blob of a len-bits DEK at address src and store the result at address dst. Signed-off-by: Raul Cardenas <Ulises.Cardenas@freescale.com> Signed-off-by: Nitin Garg <nitin.garg@freescale.com> Signed-off-by: Ulises Cardenas <ulises.cardenas@freescale.com> Signed-off-by: Ulises Cardenas-B45798 <Ulises.Cardenas@freescale.com>
|
#
34276478 |
|
23-Jan-2015 |
Ruchika Gupta <ruchika.gupta@freescale.com> |
DM: crypto/fsl - Add Freescale rsa DM driver Driver added for RSA Modular Exponentiation using Freescale Hardware Accelerator CAAM. The driver uses UCLASS_MOD_EXP Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> CC: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org>
|
#
0181937f |
|
14-Dec-2014 |
Ruchika Gupta <ruchika.gupta@freescale.com> |
crypto/fsl: Add fixup for crypto node Era property is added in the crypto node in device tree. Move the code to do so from arch/powerpc/mpc8xxx/fdt.c to drivers/sec/sec.c so that it can be used across arm and powerpc platforms having crypto node. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> [York Sun: Fix commit message indentation] Reviewed-by: York Sun <yorksun@freescale.com>
|
#
c5de15cb |
|
07-Oct-2014 |
Ruchika Gupta <ruchika.gupta@freescale.com> |
crypto/fsl: Add command for encapsulating/decapsulating blobs Freescale's SEC block has built-in Blob Protocol which provides a method for protecting user-defined data across system power cycles. SEC block protects data in a data structure called a Blob, which provides both confidentiality and integrity protection. Encapsulating data as a blob Each time that the Blob Protocol is used to protect data, a different randomly generated key is used to encrypt the data. This random key is itself encrypted using a key which is derived from SoC's non volatile secret key and a 16 bit Key identifier. The resulting encrypted key along with encrypted data is called a blob. The non volatile secure key is available for use only during secure boot. During decapsulation, the reverse process is performed to get back the original data. Commands added -------------- blob enc - encapsulating data as a cryptgraphic blob blob dec - decapsulating cryptgraphic blob to get the data Commands Syntax --------------- blob enc src dst len km Encapsulate and create blob of data $len bytes long at address $src and store the result at address $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. blob dec src dst len km Decapsulate the blob of data at address $src and store result of $len byte at addr $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
|
#
b9eebfad |
|
15-Oct-2014 |
Ruchika Gupta <ruchika.gupta@freescale.com> |
fsl_sec: Add hardware accelerated SHA256 and SHA1 SHA-256 and SHA-1 accelerated using SEC hardware in Freescale SoC's The driver for SEC (CAAM) IP is based on linux drivers/crypto/caam. The platforms needto add the MACRO CONFIG_FSL_CAAM inorder to enable initialization of this hardware IP. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
|