* HAB/SecureBoot on IMX8MN @ 2022-10-13 5:20 BAUER Bernd 2022-10-13 7:32 ` Sascha Hauer 0 siblings, 1 reply; 5+ messages in thread From: BAUER Bernd @ 2022-10-13 5:20 UTC (permalink / raw) To: Barebox Mailingliste Hi! I have a question regarding SecureBoot/HAB and IMX8MN. In barebox I can only enable HAB if the architecture is set to IMX8MQ. My project is based on an IMX8MN. Can I just extend the definition to IMX8MN and enable SecureBoot for the IMX8MN? Does this work? Or are there differences in the registers that have to be implemented first? Greets Bernd ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: HAB/SecureBoot on IMX8MN 2022-10-13 5:20 HAB/SecureBoot on IMX8MN BAUER Bernd @ 2022-10-13 7:32 ` Sascha Hauer 2022-10-13 7:34 ` AW: " BAUER Bernd 0 siblings, 1 reply; 5+ messages in thread From: Sascha Hauer @ 2022-10-13 7:32 UTC (permalink / raw) To: BAUER Bernd; +Cc: Barebox Mailingliste Hi Bernd, On Thu, Oct 13, 2022 at 05:20:06AM +0000, BAUER Bernd wrote: > Hi! > > I have a question regarding SecureBoot/HAB and IMX8MN. > In barebox I can only enable HAB if the architecture is set to IMX8MQ. > My project is based on an IMX8MN. > > Can I just extend the definition to IMX8MN and enable SecureBoot for the IMX8MN? > Does this work? Or are there differences in the registers that have to be implemented first? >From a quick glance at the corresponding U-Boot code I'd say that HAB support is identical between the different i.MX8M variants, so the following might indeed be a good start exploring it. I have no idea though if there are any subtle differences between the SoCs. Sascha --------------------------------8<-------------------------- >From 0daeceb70f0dfe0d2fdb65c986a613fe2d3d6203 Mon Sep 17 00:00:00 2001 From: Sascha Hauer <s.hauer@pengutronix.de> Date: Thu, 13 Oct 2022 09:30:23 +0200 Subject: [PATCH] Enable HAB on i.MX8M Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> --- arch/arm/mach-imx/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/mach-imx/Kconfig b/arch/arm/mach-imx/Kconfig index dcb70c8c1a..8d3f75e3d1 100644 --- a/arch/arm/mach-imx/Kconfig +++ b/arch/arm/mach-imx/Kconfig @@ -902,7 +902,7 @@ config HABV4 select HAB select NVMEM select IMX_OCOTP - depends on ARCH_IMX6 || ARCH_IMX8MQ + depends on ARCH_IMX6 || ARCH_IMX8M depends on OFDEVICE help High Assurance Boot, as found on i.MX28/i.MX6/i.MX8MQ. -- 2.30.2 -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | ^ permalink raw reply [flat|nested] 5+ messages in thread
* AW: HAB/SecureBoot on IMX8MN 2022-10-13 7:32 ` Sascha Hauer @ 2022-10-13 7:34 ` BAUER Bernd 2022-10-13 8:17 ` Sascha Hauer 2022-10-13 8:32 ` AW: " Rouven Czerwinski 0 siblings, 2 replies; 5+ messages in thread From: BAUER Bernd @ 2022-10-13 7:34 UTC (permalink / raw) To: Sascha Hauer; +Cc: Barebox Mailingliste Hi Sasha! Thank you! I'll try it. Greets Bernd -----Ursprüngliche Nachricht----- Von: Sascha Hauer <sha@pengutronix.de> Gesendet: Donnerstag, 13. Oktober 2022 09:32 An: BAUER Bernd <bernd.bauer@ses-imagotag.com> Cc: Barebox Mailingliste <barebox@lists.infradead.org> Betreff: Re: HAB/SecureBoot on IMX8MN Hi Bernd, On Thu, Oct 13, 2022 at 05:20:06AM +0000, BAUER Bernd wrote: > Hi! > > I have a question regarding SecureBoot/HAB and IMX8MN. > In barebox I can only enable HAB if the architecture is set to IMX8MQ. > My project is based on an IMX8MN. > > Can I just extend the definition to IMX8MN and enable SecureBoot for the IMX8MN? > Does this work? Or are there differences in the registers that have to be implemented first? >From a quick glance at the corresponding U-Boot code I'd say that HAB support is identical between the different i.MX8M variants, so the following might indeed be a good start exploring it. I have no idea though if there are any subtle differences between the SoCs. Sascha --------------------------------8<-------------------------- >From 0daeceb70f0dfe0d2fdb65c986a613fe2d3d6203 Mon Sep 17 00:00:00 2001 From: Sascha Hauer <s.hauer@pengutronix.de> Date: Thu, 13 Oct 2022 09:30:23 +0200 Subject: [PATCH] Enable HAB on i.MX8M Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> --- arch/arm/mach-imx/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/mach-imx/Kconfig b/arch/arm/mach-imx/Kconfig index dcb70c8c1a..8d3f75e3d1 100644 --- a/arch/arm/mach-imx/Kconfig +++ b/arch/arm/mach-imx/Kconfig @@ -902,7 +902,7 @@ config HABV4 select HAB select NVMEM select IMX_OCOTP - depends on ARCH_IMX6 || ARCH_IMX8MQ + depends on ARCH_IMX6 || ARCH_IMX8M depends on OFDEVICE help High Assurance Boot, as found on i.MX28/i.MX6/i.MX8MQ. -- 2.30.2 -- Pengutronix e.K. | | Steuerwalder Str. 21 | https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.pengutronix.de%2F&data=05%7C01%7Cbernd.bauer%40ses-imagotag.com%7C34e74f243dea4f0185bd08daaced0750%7C026f3f97f4634c41ba74bc156c3be494%7C0%7C0%7C638012431286975126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=RykG7xxwLLJK87kdqhDTBHJmAEfS7EyaL0smddx4OZk%3D&reserved=0 | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: HAB/SecureBoot on IMX8MN 2022-10-13 7:34 ` AW: " BAUER Bernd @ 2022-10-13 8:17 ` Sascha Hauer 2022-10-13 8:32 ` AW: " Rouven Czerwinski 1 sibling, 0 replies; 5+ messages in thread From: Sascha Hauer @ 2022-10-13 8:17 UTC (permalink / raw) To: BAUER Bernd; +Cc: Barebox Mailingliste On Thu, Oct 13, 2022 at 07:34:36AM +0000, BAUER Bernd wrote: > Hi Sasha! > > Thank you! I'll try it. HAB support is a bit tricky. Don't hesitate to ask if you have questions. Sascha -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: AW: HAB/SecureBoot on IMX8MN 2022-10-13 7:34 ` AW: " BAUER Bernd 2022-10-13 8:17 ` Sascha Hauer @ 2022-10-13 8:32 ` Rouven Czerwinski 1 sibling, 0 replies; 5+ messages in thread From: Rouven Czerwinski @ 2022-10-13 8:32 UTC (permalink / raw) To: BAUER Bernd, Sascha Hauer; +Cc: Barebox Mailingliste Hi Bernd, One of the pitfalls we had when enabling HAB for i.MX8MQ was that the SIP supported by the downstream TF-A to request the HAB event log was stalling the SoC forever. I couldn't find a way to make this work, so instead for i.MX8MQ we are parsing the HAB event log directly from SRAM. The i.MX8MN address is probably different and you'll have to check whether the same restrictions apply, i.e. if the HAB SIP is still broken on i.MX8MN. Best regards, Rouven ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-10-13 8:33 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2022-10-13 5:20 HAB/SecureBoot on IMX8MN BAUER Bernd 2022-10-13 7:32 ` Sascha Hauer 2022-10-13 7:34 ` AW: " BAUER Bernd 2022-10-13 8:17 ` Sascha Hauer 2022-10-13 8:32 ` AW: " Rouven Czerwinski
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox