diff options
author | Marcel Ziswiler <marcel.ziswiler@toradex.com> | 2021-10-09 22:41:05 +0200 |
---|---|---|
committer | Stefano Babic <sbabic@denx.de> | 2021-10-20 15:08:25 +0200 |
commit | 8d060e4a66d6884341fbb3d8ab1d837a3f173d47 (patch) | |
tree | d8cbb75fbffa5efd1f246f3e4d9bcfa5d1b2ec39 /arch | |
parent | 5206f1ce0c137aab59ddafe89c2a1e8c87189d22 (diff) | |
download | u-boot-8d060e4a66d6884341fbb3d8ab1d837a3f173d47.zip u-boot-8d060e4a66d6884341fbb3d8ab1d837a3f173d47.tar.gz u-boot-8d060e4a66d6884341fbb3d8ab1d837a3f173d47.tar.bz2 |
ARM: dts: imx8mm-verdin: prepare for dek blob encapsulation
Prepare for DEK blob encapsulation support through "dek_blob" command.
On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob
for encrypted boot.
The DEK blob is encapsulated by OP-TEE through a trusted application
call. U-boot sends and receives the DEK and the DEK blob binaries
through OP-TEE dynamic shared memory.
To enable the DEK blob encapsulation, add to the defconfig:
CONFIG_SECURE_BOOT=y
CONFIG_FAT_WRITE=y
CONFIG_CMD_DEKBLOB=y
Taken from NXP's commit 56d2050f4028 ("imx8m: Add DEK blob encapsulation
for imx8m").
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Diffstat (limited to 'arch')
-rw-r--r-- | arch/arm/dts/imx8mm-verdin-u-boot.dtsi | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/arch/arm/dts/imx8mm-verdin-u-boot.dtsi b/arch/arm/dts/imx8mm-verdin-u-boot.dtsi index 67c31c4..a97626f 100644 --- a/arch/arm/dts/imx8mm-verdin-u-boot.dtsi +++ b/arch/arm/dts/imx8mm-verdin-u-boot.dtsi @@ -6,6 +6,13 @@ #include "imx8mm-u-boot.dtsi" / { + firmware { + optee { + compatible = "linaro,optee-tz"; + method = "smc"; + }; + }; + wdt-reboot { compatible = "wdt-reboot"; wdt = <&wdog1>; |