ccmp1: add secure console support
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
This commit is contained in:
Mike Engel
parent
dc66ea2735
commit
c515187ed4
|
|
@ -159,3 +159,7 @@ BOOTABLE_ARTIFACTS = " \
|
||||||
arm-trusted-firmware/tf-a-ccmp13-dvk-nand.stm32 \
|
arm-trusted-firmware/tf-a-ccmp13-dvk-nand.stm32 \
|
||||||
fip/fip-ccmp13-dvk-optee.bin \
|
fip/fip-ccmp13-dvk-optee.bin \
|
||||||
"
|
"
|
||||||
|
|
||||||
|
# TRUSTFENCE basic support
|
||||||
|
# Alternatively, uncommment to enable the console with the specified GPIO
|
||||||
|
# TRUSTFENCE_CONSOLE_GPIO_ENABLE_NAME ?= "GPIOB6"
|
||||||
|
|
|
||||||
|
|
@ -172,3 +172,7 @@ BOOT_DEV_NAME ?= "linux"
|
||||||
ROOTFS_DEV_NAME ?= "rootfs"
|
ROOTFS_DEV_NAME ?= "rootfs"
|
||||||
ROOTFS_ENC_DEV = "${ROOTFS_DEV_NAME}"
|
ROOTFS_ENC_DEV = "${ROOTFS_DEV_NAME}"
|
||||||
ROOTFS_DEV_NAME_FINAL = "${@oe.utils.ifelse(d.getVar('TRUSTFENCE_ENCRYPT_ROOTFS') == '1', '${ROOTFS_ENC_DEV}', '${ROOTFS_DEV_NAME}')}"
|
ROOTFS_DEV_NAME_FINAL = "${@oe.utils.ifelse(d.getVar('TRUSTFENCE_ENCRYPT_ROOTFS') == '1', '${ROOTFS_ENC_DEV}', '${ROOTFS_DEV_NAME}')}"
|
||||||
|
|
||||||
|
# TRUSTFENCE basic support
|
||||||
|
# Alternatively, uncommment to enable the console with the specified GPIO
|
||||||
|
# TRUSTFENCE_CONSOLE_GPIO_ENABLE_NAME ?= "GPIOA5"
|
||||||
|
|
|
||||||
|
|
@ -47,3 +47,9 @@ IMAGE_FSTYPES:remove = "ext4 tar.xz"
|
||||||
|
|
||||||
# List of supported boot devices
|
# List of supported boot devices
|
||||||
BOOTDEVICE_LABELS ?= "sdcard"
|
BOOTDEVICE_LABELS ?= "sdcard"
|
||||||
|
|
||||||
|
# Default secure console configuration
|
||||||
|
TRUSTFENCE_CONSOLE_DISABLE ?= "0"
|
||||||
|
|
||||||
|
# Alternatively, uncommment to enable the console autoboot stop passphrase
|
||||||
|
# TRUSTFENCE_CONSOLE_PASSPHRASE_ENABLE = ""
|
||||||
|
|
|
||||||
|
|
@ -47,9 +47,15 @@ python () {
|
||||||
d.appendVar("UBOOT_TF_CONF", "CONFIG_CONSOLE_DISABLE=y ")
|
d.appendVar("UBOOT_TF_CONF", "CONFIG_CONSOLE_DISABLE=y ")
|
||||||
if d.getVar("TRUSTFENCE_CONSOLE_PASSPHRASE_ENABLE"):
|
if d.getVar("TRUSTFENCE_CONSOLE_PASSPHRASE_ENABLE"):
|
||||||
passphrase_hash = hashlib.sha256(d.getVar("TRUSTFENCE_CONSOLE_PASSPHRASE_ENABLE").encode()).hexdigest()
|
passphrase_hash = hashlib.sha256(d.getVar("TRUSTFENCE_CONSOLE_PASSPHRASE_ENABLE").encode()).hexdigest()
|
||||||
d.appendVar("UBOOT_TF_CONF", 'CONFIG_CONSOLE_ENABLE_PASSPHRASE=y CONFIG_CONSOLE_ENABLE_PASSPHRASE_KEY="%s" ' % passphrase_hash)
|
if (d.getVar("DEY_SOC_VENDOR") == "NXP"):
|
||||||
|
d.appendVar("UBOOT_TF_CONF", 'CONFIG_CONSOLE_ENABLE_PASSPHRASE=y CONFIG_CONSOLE_ENABLE_PASSPHRASE_KEY="%s" ' % passphrase_hash)
|
||||||
|
elif (d.getVar("DEY_SOC_VENDOR") == "STM"):
|
||||||
|
d.appendVar("UBOOT_TF_CONF", 'CONFIG_AUTOBOOT_KEYED=y CONFIG_AUTOBOOT_ENCRYPTION=y CONFIG_AUTOBOOT_STOP_STR_ENABLE=y CONFIG_AUTOBOOT_STOP_STR_SHA256="%s" ' % passphrase_hash)
|
||||||
elif d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE"):
|
elif d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE"):
|
||||||
d.appendVar("UBOOT_TF_CONF", "CONFIG_CONSOLE_ENABLE_GPIO=y CONFIG_CONSOLE_ENABLE_GPIO_NR=%s " % d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE"))
|
if (d.getVar("DEY_SOC_VENDOR") == "NXP"):
|
||||||
|
d.appendVar("UBOOT_TF_CONF", "CONFIG_CONSOLE_ENABLE_GPIO=y CONFIG_CONSOLE_ENABLE_GPIO_NR=%s " % d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE"))
|
||||||
|
elif (d.getVar("DEY_SOC_VENDOR") == "STM"):
|
||||||
|
d.appendVar("UBOOT_TF_CONF", "CONFIG_CONSOLE_ENABLE_GPIO=y CONFIG_CONSOLE_ENABLE_GPIO_NAME=%s " % d.getVar("TRUSTFENCE_CONSOLE_GPIO_ENABLE_NAME"))
|
||||||
|
|
||||||
# Secure boot configuration
|
# Secure boot configuration
|
||||||
if (d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") == "default"):
|
if (d.getVar("TRUSTFENCE_SIGN_KEYS_PATH") == "default"):
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue