Hi Gary, On 08/24/2016 03:12 AM, Gary Bisson wrote: > Hi Eric, all, > > On Tue, Aug 23, 2016 at 05:24:48PM -0700, Eric Nelson wrote: >> Nicely done Gary! >> >> On 08/23/2016 02:55 PM, Gary Bisson wrote: >>> So the option can easily be selected through menuconfig. >>> >>> Signed-off-by: Gary Bisson <gary.bis...@boundarydevices.com> >>> --- >>> arch/arm/imx-common/Kconfig | 9 +++++++++ >>> 1 file changed, 9 insertions(+) >>> >>> diff --git a/arch/arm/imx-common/Kconfig b/arch/arm/imx-common/Kconfig >>> index 1b7da5a..5ee230e 100644 >>> --- a/arch/arm/imx-common/Kconfig >>> +++ b/arch/arm/imx-common/Kconfig >>> @@ -17,3 +17,12 @@ config IMX_BOOTAUX >>> depends on ARCH_MX7 || ARCH_MX6 >>> help >>> bootaux [addr] to boot auxiliary core. >>> + >>> +config SECURE_BOOT >>> + bool "Support i.MX HAB features" >>> + depends on ARCH_MX7 || ARCH_MX6 || ARCH_MX5 >>> + help >>> + This option enables the support for secure boot (HAB) which >>> + includes adding a CSF section to the final imx image and >> ^^^ >> This doesn't add a CSF section. >> >> Perhaps this should say "can enable a conditional section of an >> i.MX configuration (.cfg) file when producing an imx image". > > Well now that you pointed out this sentence, I realize that it doesn't > even "add" the section per say, it just declares it in the IVT header. > It is then up to you to create and concatenate the CSF binary to the > u-boot.imx image. > > For those not familiar with HAB: > https://boundarydevices.com/high-assurance-boot-hab-dummies/ >
Nice! > Maybe in V2 I should keep it simple and just point to the README: > > This option enables the support for secure boot (HAB). > See doc/README.mxc_hab for more details. > Perfect. I think most folks only glance at the help while in menuconfig and README.mxc_hab is a better place for background. >>> + some security-related commands such as 'hab_status'. >>> + See doc/README.mxc_hab for more details. >>> >> >> You should probably include a note in README.mxc_hab about use >> in .cfg files. > > Yes that is a good point, will do in V2. > > Regards, > Gary > _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
