Cross Reference: /u-boot/drivers/crypto/fsl/Makefile

History log of /u-boot/drivers/crypto/fsl/Makefile
Revision	Date	Author	Comments
# ea701eeb	25-Apr-2024	Marek Vasut <marex@denx.de>	crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
# 0d795c35	22-Dec-2022	Kshitiz Varshney <kshitiz.varshney@nxp.com>	Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# 56d2050f	25-Mar-2021	Clement Faure <clement.faure@nxp.com>	imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
# 30e39ac7	25-Mar-2021	Breno Lima <breno.lima@nxp.com>	imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
# ea95f214	27-Jun-2020	Michael Walle <michael@walle.cc>	crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
# ea701eeb	25-Apr-2024	Marek Vasut <marex@denx.de>	crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
# 0d795c35	22-Dec-2022	Kshitiz Varshney <kshitiz.varshney@nxp.com>	Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# 56d2050f	25-Mar-2021	Clement Faure <clement.faure@nxp.com>	imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
# 30e39ac7	25-Mar-2021	Breno Lima <breno.lima@nxp.com>	imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
# ea95f214	27-Jun-2020	Michael Walle <michael@walle.cc>	crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
# ea701eeb	25-Apr-2024	Marek Vasut <marex@denx.de>	crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
# 0d795c35	22-Dec-2022	Kshitiz Varshney <kshitiz.varshney@nxp.com>	Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# 56d2050f	25-Mar-2021	Clement Faure <clement.faure@nxp.com>	imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
# 30e39ac7	25-Mar-2021	Breno Lima <breno.lima@nxp.com>	imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
# ea95f214	27-Jun-2020	Michael Walle <michael@walle.cc>	crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
# ea701eeb	25-Apr-2024	Marek Vasut <marex@denx.de>	crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
# 0d795c35	22-Dec-2022	Kshitiz Varshney <kshitiz.varshney@nxp.com>	Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# 56d2050f	25-Mar-2021	Clement Faure <clement.faure@nxp.com>	imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
# 30e39ac7	25-Mar-2021	Breno Lima <breno.lima@nxp.com>	imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
# ea95f214	27-Jun-2020	Michael Walle <michael@walle.cc>	crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
# ea701eeb	25-Apr-2024	Marek Vasut <marex@denx.de>	crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
# 0d795c35	22-Dec-2022	Kshitiz Varshney <kshitiz.varshney@nxp.com>	Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# 56d2050f	25-Mar-2021	Clement Faure <clement.faure@nxp.com>	imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
# 30e39ac7	25-Mar-2021	Breno Lima <breno.lima@nxp.com>	imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
# ea95f214	27-Jun-2020	Michael Walle <michael@walle.cc>	crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
# ea701eeb	25-Apr-2024	Marek Vasut <marex@denx.de>	crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
# 0d795c35	22-Dec-2022	Kshitiz Varshney <kshitiz.varshney@nxp.com>	Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# 56d2050f	25-Mar-2021	Clement Faure <clement.faure@nxp.com>	imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
# 30e39ac7	25-Mar-2021	Breno Lima <breno.lima@nxp.com>	imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
# ea95f214	27-Jun-2020	Michael Walle <michael@walle.cc>	crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
# ea701eeb	25-Apr-2024	Marek Vasut <marex@denx.de>	crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
# 0d795c35	22-Dec-2022	Kshitiz Varshney <kshitiz.varshney@nxp.com>	Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# 56d2050f	25-Mar-2021	Clement Faure <clement.faure@nxp.com>	imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
# 30e39ac7	25-Mar-2021	Breno Lima <breno.lima@nxp.com>	imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
# ea95f214	27-Jun-2020	Michael Walle <michael@walle.cc>	crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
# ea701eeb	25-Apr-2024	Marek Vasut <marex@denx.de>	crypto/fsl: Introduce SPL_FSL_CAAM_RNG Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can be disabled in SPL if necessary. This may be necessary due to e.g. size constraints of the SPL. Signed-off-by: Marek Vasut <marex@denx.de>
# 0d795c35	22-Dec-2022	Kshitiz Varshney <kshitiz.varshney@nxp.com>	Uboot RNG Driver using Data Co-processor This commit introduces Random number generator to uboot. It uses DCP driver for number generation. RNG driver can be invoked by using below command on uboot prompt:- rng <number of bytes> Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
# 56d2050f	25-Mar-2021	Clement Faure <clement.faure@nxp.com>	imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
# 30e39ac7	25-Mar-2021	Breno Lima <breno.lima@nxp.com>	imx: imx7 Support for Manufacturing Protection This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
# ea95f214	27-Jun-2020	Michael Walle <michael@walle.cc>	crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>