From 1bc20897c1263f038f5b27f7b3ed67aa15e97a5c Mon Sep 17 00:00:00 2001
From: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Date: Mon, 1 Mar 2021 20:04:11 +0800
Subject: arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)

Vendor Authorized Boot is a security feature for authenticating
the images such as U-Boot, ARM trusted Firmware, Linux kernel,
device tree blob and etc loaded from FIT. After those images are
loaded from FIT, the VAB certificate and signature block appended
at the end of each image are sent to Secure Device Manager (SDM)
for authentication. U-Boot will validate the SHA384 of the image
against the SHA384 hash stored in the VAB certificate before
sending the image to SDM for authentication.

Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Reviewed-by: Ley Foon Tan <ley.foon.tan@intel.com>
---
 common/Kconfig.boot | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'common')

diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index e650c60..9c335f4 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -138,7 +138,7 @@ config FIT_BEST_MATCH
 
 config FIT_IMAGE_POST_PROCESS
 	bool "Enable post-processing of FIT artifacts after loading by U-Boot"
-	depends on TI_SECURE_DEVICE
+	depends on TI_SECURE_DEVICE || SOCFPGA_SECURE_VAB_AUTH
 	help
 	  Allows doing any sort of manipulation to blobs after they got extracted
 	  from FIT images like stripping off headers or modifying the size of the
-- 
cgit v1.1