There is no need to have an extra hab directory under doc/imx/:
- doc/imx/hab/ahab/
- doc/imx/hab/habv4/
Remove extra hab directory for a cleaner documentation structure.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
The current U-Boot implementation includes SPL targets for i.MX8QM and
i.MXQXP MEK boards:
- imx8qxp_mek_spl_defconfig
- imx8qxp_mek_spl_fspi_defconfig
- imx8qm_mek_spl_defconfig
- imx8qm_mek_spl_fspi_defconfig
The U-Boot proper and ATF are included in an additional container being
necessary a different procedure for signing the flash.bin image.
Add a step-by-step guide covering the signing procedure.
Add a CSF example for the 3rd container.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Frank Zhang <frank.zhang@nxp.com>
Reviewed-by: Marius Grigoras <marius.grigoras@nxp.com>
Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Add AHAB secure boot step-by-step guide for i.MX8 and i.MX8x families
devices.
Add 3 CSF example files:
- Example to sign flash.bin only using SRK keys.
- Example to sign flash.bin using a subordinate SGK key.
- Example to sign Linux image only using SRK keys.
Signed-off-by: Clement Le Marquis <clement.lemarquis@nxp.com>
Reviewed-by: Frank Zhang <frank.zhang@nxp.com>
Reviewed-by: Marius Grigoras <marius.grigoras@nxp.com>
Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
The AHAB is currently supported in i.MX8QXP and i.MX8QM devices.
Add an introductory document containing the following topics:
- AHAB Secure Boot Architecture
- System Control Unit (SCU) introduction
- Security Controller (SECO) introduction
- i.MX8/8x secure boot flow
- AHAB PKI tree generation
- SRK Table and SRK Hash generation
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Frank Zhang <frank.zhang@nxp.com>
Reviewed-by: Marius Grigoras <marius.grigoras@nxp.com>
Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Add HABv4 documentation for i.MX8M and i.MX8MM targets covering the
following topics:
- How to sign an securely boot an flash.bin image.
- How to extend the root of trust for additional boot images.
- Add 2 CSF examples.
Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Add useful documentation for encrypted boot:
- Add 2 CSF examples for encrypt and sign
- How to encrypt and sign a U-Boot binary on closed device
- Why and how increase the PRIBLOB bitfield from CAAM SCFGR
Signed-off-by: Clement Le Marquis <clement.lemarquis@nxp.com>
Add HABv4 documentation for u-boot-dtb.imx targets covering the
following topics:
- How to sign an securely boot an u-boot-dtb.imx image.
- How to extend the root of trust for additional boot images.
- Add 3 CSF examples.
- Add IVT generation script example.
Reviewed-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
The HABv4 is supported in i.MX 50, i.MX 53, i.MX 6, i.MX 7,
series and i.MX 8M, i.MX8MM devices.
Add an introductory document containing the following topics:
- HABv4 Introduction
- HABv4 Secure Boot
- HABv4 Encrypted Boot
- HAB PKI tree generation
- HAB Fast Authentication PKI tree generation
- SRK Table and SRK Hash generation
Reviewed-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
There is no need to have README in all i.MX documents name.
Remove README from i.MX docs name and add .txt file extension.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
The Serial Download Protocol feature is availible in various
i.MX SoCs.
Move README.sdp document to imx/misc directory.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
The current High Assurance Boot document README.mxc_hab
include details for the following features in a single file:
- HAB Secure Boot
- HAB Encrypted Boot
Split HAB documentation in a specific directory for a cleaner
documentation structure, subsequent patches will include more
content in HAB documentation.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
The following documents describe device details according to the
i.MX family:
- README.imx25
- README.imx27
- README.imx5
- README.imx6
- README.mxs
Move all device common related document to doc/imx/common for a better
directory structure.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
The following documents describe the image type used by the mkimage
tool to generate U-Boot images for i.MX devices.
- README.imximage
- README.mxsimage
Move all mkimage related document to doc/imx/mkimage for a better
directory structure.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Currently the Serial Download Protocol tools and procedure are
documented in two places:
- doc/imx/README.sdp
- doc/imx/README.imx6
It is better to consolidate all SDP related information into
README.sdp file, so move the content from README.imx6 to
README.sdp.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Currently the U-Boot doc/ directory contains the following files
that are only relevant for i.MX devices:
- doc/README.imx25
- doc/README.imx27
- doc/README.imx5
- doc/README.imx6
- doc/README.imximage
- doc/README.mxc_hab
- doc/README.mxs
- doc/README.mxsimage
- doc/README.sdp
Move all content to a common i.MX folder for a better documentation
structure.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Breno Lima
Clement Le Marquis