From: Simon Glass Date: Thu, 22 Mar 2018 13:26:14 +0000 (-0300) Subject: Convert CONFIG_CMD_BLOB to Kconfig X-Git-Tag: rel_imx_4.9.88_2.0.0_ga~17 X-Git-Url: https://git.somdevices.com/?a=commitdiff_plain;h=ff8ab3ff76e0da08e7253ed6446ba8d79e51c0ec;p=u-boot.git Convert CONFIG_CMD_BLOB to Kconfig This converts the following to Kconfig: CONFIG_CMD_BLOB Signed-off-by: Simon Glass [trini: Add imply CMD_BLOB under CHAIN_OF_TRUST] Signed-off-by: Tom Rini [Breno: Backported to v2017.03] Signed-off-by: Breno Lima Reviewed-by: Ye Li (cherry picked from commit 921eb14d54c612680c3e73d9ddf9e1b9f526905f) --- diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index ccb513fba2..c8d0db44e6 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -28,7 +28,6 @@ #endif /* ifdef CONFIG_SPL_BUILD */ #ifndef CONFIG_SPL_BUILD -#define CONFIG_CMD_BLOB #define CONFIG_CMD_HASH #define CONFIG_KEY_REVOCATION #ifndef CONFIG_SYS_RAMBOOT diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h index 1b7cf0996b..62ce816b13 100644 --- a/arch/powerpc/include/asm/fsl_secure_boot.h +++ b/arch/powerpc/include/asm/fsl_secure_boot.h @@ -100,7 +100,6 @@ #endif /* ifdef CONFIG_SPL_BUILD */ #define CONFIG_CMD_ESBC_VALIDATE -#define CONFIG_CMD_BLOB #define CONFIG_FSL_SEC_MON #define CONFIG_SHA_PROG_HW_ACCEL diff --git a/board/freescale/common/Kconfig b/board/freescale/common/Kconfig index 49795d36ce..e85e17ebde 100644 --- a/board/freescale/common/Kconfig +++ b/board/freescale/common/Kconfig @@ -2,6 +2,7 @@ if !ARCH_IMX8M && !ARCH_IMX8 config CHAIN_OF_TRUST depends on !FIT_SIGNATURE && SECURE_BOOT + imply CMD_BLOB select FSL_CAAM bool default y diff --git a/cmd/Kconfig b/cmd/Kconfig index ef53156314..5e651b20a9 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig 
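Review bot: `imply CMD_BLOB` under CHAIN_OF_TRUST is a weaker guarantee than the removed `#define CONFIG_CMD_BLOB` lines in the two fsl_secure_boot.h headers, because an implied symbol can still be switched off by a defconfig or in menuconfig. If the blob command is part of what a chain-of-trust image is expected to provide, `select CMD_BLOB` would keep the old always-on behaviour; if it is meant to be optional, a line in the commit message saying so would help. The conditionals enclosing the removed defines are outside the hunks, so it cannot be confirmed from here whether they matched `!FIT_SIGNATURE && SECURE_BOOT` and the `!ARCH_IMX8M && !ARCH_IMX8` guard. Comparing the generated `.config` of the affected boards before and after the change would settle it.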
@@ -740,6 +740,51 @@ config CMD_REGULATOR endmenu menu "Security commands" + +config CMD_BLOB + bool "Enable the 'blob' command" + help + This is used with the Freescale secure boot mechanism. + + Freescale's SEC block has built-in Blob Protocol which provides + a method for protecting user-defined data across system power + cycles. SEC block protects data in a data structure called a Blob, + which provides both confidentiality and integrity protection. + + Encapsulating data as a blob + Each time that the Blob Protocol is used to protect data, a + different randomly generated key is used to encrypt the data. + This random key is itself encrypted using a key which is derived + from SoC's non-volatile secret key and a 16 bit Key identifier. + The resulting encrypted key along with encrypted data is called a + blob. The non-volatile secure key is available for use only during + secure boot. + + During decapsulation, the reverse process is performed to get back + the original data. + + Sub-commands: + blob enc - encapsulating data as a cryptgraphic blob + blob dec - decapsulating cryptgraphic blob to get the data + + Syntax: + + blob enc src dst len km + + Encapsulate and create blob of data $len bytes long + at address $src and store the result at address $dst. + $km is the 16 byte key modifier is also required for + generation/use as key for cryptographic operation. Key + modifier should be 16 byte long. + + blob dec src dst len km + + Decapsulate the blob of data at address $src and + store result of $len byte at addr $dst. + $km is the 16 byte key modifier is also required for + generation/use as key for cryptographic operation. Key + modifier should be 16 byte long. + config CMD_TPM bool "Enable the 'tpm' command" depends on TPM diff --git a/cmd/Makefile b/cmd/Makefile index f13bb8c11e..d13c80b123 100644 --- a/cmd/Makefile +++ b/cmd/Makefile 
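Review bot: The new `config CMD_BLOB` entry has no `depends on`, so the option is offered on every board even though its help text ties it to the Freescale SEC block. Presumably cmd/blob.c needs the SEC driver in order to link; a dependency on the symbol that provides it, for example `depends on FSL_CAAM` (the symbol CHAIN_OF_TRUST selects), would keep it out of unrelated configurations, but confirm which symbol gates the driver on each platform. In the help text, `cryptgraphic` is misspelled twice, and the key input is called a `16 bit Key identifier` in one paragraph and a `16 byte key modifier` in the syntax section, so one of the two is presumably wrong. The sentence saying the non-volatile key is available only during secure boot could also state which key is used otherwise, since that decides whether blobs created on a non-secure device are protected at all.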
@@ -158,9 +158,9 @@ obj-$(CONFIG_CMD_ETHSW) += ethsw.o # Power obj-$(CONFIG_CMD_PMIC) += pmic.o obj-$(CONFIG_CMD_REGULATOR) += regulator.o -endif # !CONFIG_SPL_BUILD obj-$(CONFIG_CMD_BLOB) += blob.o +endif # !CONFIG_SPL_BUILD # core command obj-y += nvedit.o diff --git a/scripts/config_whitelist.txt b/scripts/config_whitelist.txt index 20fe95d99c..a326393223 100644 --- a/scripts/config_whitelist.txt +++ b/scripts/config_whitelist.txt @@ -459,7 +459,6 @@ CONFIG_CMD_AES CONFIG_CMD_ASKEN CONFIG_CMD_BAT CONFIG_CMD_BEDBUG -CONFIG_CMD_BLOB CONFIG_CMD_BMODE CONFIG_CMD_BMP CONFIG_CMD_BOOTLDR
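Review bot: The move of `obj-$(CONFIG_CMD_BLOB) += blob.o` above `endif # !CONFIG_SPL_BUILD` carries no comment explaining it, and the line now sits at the tail of the `# Power` group. A Kconfig symbol is presumably visible to SPL builds too, whereas the removed arm define was under `#ifndef CONFIG_SPL_BUILD`, so this guard is what keeps blob.o out of SPL; a comment above the line such as `# Security: Kconfig symbol is also set for SPL, keep inside the !SPL block` would record that. The removed powerpc define appears after that header's `#endif /* ifdef CONFIG_SPL_BUILD */`, so SPL behaviour on that architecture may differ from before, and it is worth confirming that no powerpc SPL image relied on the command. The `ifndef` that opens this block is outside the hunk.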