Skip to content
Commit 56d2050f authored by Clement Faure's avatar Clement Faure Committed by Stefano Babic
Browse files

imx8m: Add DEK blob encapsulation for imx8m 



Add DEK blob encapsulation support for IMX8M through "dek_blob" command.
On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob
for encrypted boot.
The DEK blob is encapsulated by OP-TEE through a trusted application call.
U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE
dynamic shared memory.

To enable the DEK blob encapsulation, add to the defconfig:
CONFIG_SECURE_BOOT=y
CONFIG_FAT_WRITE=y
CONFIG_CMD_DEKBLOB=y

Signed-off-by: default avatarClement Faure <clement.faure@nxp.com>
Reviewed-by: default avatarYe Li <ye.li@nxp.com>
Signed-off-by: default avatarPeng Fan <peng.fan@nxp.com>
parent 613cf239
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment