doc: imx: habv4: Add Secure Boot guide for i.MX6 and i.MX7 non-SPL targets

Add HABv4 documentation for non-SPL targets covering the
following topics:

- How to sign an securely boot an u-boot-dtb.imx image.
- How to extend the root of trust for additional boot images.
- Add 3 CSF examples.
- Add IVT generation script example.

Reviewed-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>

3 files changed, 89 insertions, 0 deletions

diff --git a/doc/imx/habv4/csf_examples/additional_images/csf_additional_images.txt b/doc/imx/habv4/csf_examples/additional_images/csf_additional_images.txt
new file mode 100644
index 0000000..bbe4897
--- /dev/null
+++ b/doc/imx/habv4/csf_examples/additional_images/csf_additional_images.txt
@@ -0,0 +1,34 @@
+[Header]
+    Version = 4.2
+    Hash Algorithm = sha256
+    Engine Configuration = 0
+    Certificate Format = X509
+    Signature Format = CMS
+    Engine = CAAM
+
+[Install SRK]
+    # Index of the key location in the SRK table to be installed
+    File = "../crts/SRK_1_2_3_4_table.bin"
+    Source index = 0
+
+[Install CSFK]
+    # Key used to authenticate the CSF data
+    File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
+
+[Authenticate CSF]
+
+[Install Key]
+    # Key slot index used to authenticate the key to be installed
+    Verification index = 0
+    # Target key slot in HAB key store where key will be installed
+    Target Index = 2
+    # Key to install
+    File= "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
+
+[Authenticate Data]
+    # Key slot index used to authenticate the image data
+    Verification index = 2
+    # Authenticate Start Address, Offset, Length and file
+    Blocks = 0x80800000 0x00000000 0x80EEA020 "zImage", \
+	     0x83800000 0x00000000 0x8380B927 "imx7d-sdb.dtb", \
+	     0x84000000 0x00000000 0x840425B8 "uTee-7dsdb"
diff --git a/doc/imx/habv4/csf_examples/mx6_mx7/csf_uboot.txt b/doc/imx/habv4/csf_examples/mx6_mx7/csf_uboot.txt
new file mode 100644
index 0000000..3998624
--- /dev/null
+++ b/doc/imx/habv4/csf_examples/mx6_mx7/csf_uboot.txt
@@ -0,0 +1,32 @@
+[Header]
+    Version = 4.2
+    Hash Algorithm = sha256
+    Engine Configuration = 0
+    Certificate Format = X509
+    Signature Format = CMS
+    Engine = CAAM
+
+[Install SRK]
+    # Index of the key location in the SRK table to be installed
+    File = "../crts/SRK_1_2_3_4_table.bin"
+    Source index = 0
+
+[Install CSFK]
+    # Key used to authenticate the CSF data
+    File = "../crts/CSF1_1_sha256_2048_65537_v3_usr_crt.pem"
+
+[Authenticate CSF]
+
+[Install Key]
+    # Key slot index used to authenticate the key to be installed
+    Verification index = 0
+    # Target key slot in HAB key store where key will be installed
+    Target Index = 2
+    # Key to install
+    File= "../crts/IMG1_1_sha256_2048_65537_v3_usr_crt.pem"
+
+[Authenticate Data]
+    # Key slot index used to authenticate the image data
+    Verification index = 2
+    # Authenticate Start Address, Offset, Length and file
+    Blocks =  0x877ff400 0x00000000 0x0009ec00 "u-boot-dtb.imx"
diff --git a/doc/imx/habv4/csf_examples/mx6_mx7/csf_uboot_fast_authentication.txt b/doc/imx/habv4/csf_examples/mx6_mx7/csf_uboot_fast_authentication.txt
new file mode 100644
index 0000000..cdb34bc
--- /dev/null
+++ b/doc/imx/habv4/csf_examples/mx6_mx7/csf_uboot_fast_authentication.txt
@@ -0,0 +1,23 @@
+[Header]
+    Version = 4.2
+    Hash Algorithm = sha256
+    Engine Configuration = 0
+    Certificate Format = X509
+    Signature Format = CMS
+    Engine = CAAM
+
+[Install SRK]
+    # Index of the key location in the SRK table to be installed
+    File = "../crts/SRK_1_2_3_4_table.bin"
+    Source index = 0
+
+[Install NOCAK]
+    File = "../crts/SRK1_sha256_2048_65537_v3_usr_crt.pem"
+
+[Authenticate CSF]
+
+[Authenticate Data]
+    # Key slot index 0 used to authenticate the image data
+    Verification index = 0
+    # Authenticate Start Address, Offset, Length and file
+    Blocks =  0x877ff400 0x00000000 0x0009ec00 "u-boot-dtb.imx"