diff options
author | Siew Chin Lim <elly.siew.chin.lim@intel.com> | 2021-03-01 20:04:11 +0800 |
---|---|---|
committer | Ley Foon Tan <ley.foon.tan@intel.com> | 2021-03-08 10:59:10 +0800 |
commit | 1bc20897c1263f038f5b27f7b3ed67aa15e97a5c (patch) | |
tree | 2c422be99e5e4ebd40d2b8b9df36a39a22a8aa06 /common | |
parent | 9a5bbdfd1a952901bda567d7d56225374ef883bc (diff) | |
download | u-boot-1bc20897c1263f038f5b27f7b3ed67aa15e97a5c.tar.gz u-boot-1bc20897c1263f038f5b27f7b3ed67aa15e97a5c.tar.bz2 u-boot-1bc20897c1263f038f5b27f7b3ed67aa15e97a5c.zip |
arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)
Vendor Authorized Boot is a security feature for authenticating
the images such as U-Boot, ARM trusted Firmware, Linux kernel,
device tree blob and etc loaded from FIT. After those images are
loaded from FIT, the VAB certificate and signature block appended
at the end of each image are sent to Secure Device Manager (SDM)
for authentication. U-Boot will validate the SHA384 of the image
against the SHA384 hash stored in the VAB certificate before
sending the image to SDM for authentication.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Reviewed-by: Ley Foon Tan <ley.foon.tan@intel.com>
Diffstat (limited to 'common')
-rw-r--r-- | common/Kconfig.boot | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/common/Kconfig.boot b/common/Kconfig.boot index e650c605d1..9c335f4f8c 100644 --- a/common/Kconfig.boot +++ b/common/Kconfig.boot @@ -138,7 +138,7 @@ config FIT_BEST_MATCH config FIT_IMAGE_POST_PROCESS bool "Enable post-processing of FIT artifacts after loading by U-Boot" - depends on TI_SECURE_DEVICE + depends on TI_SECURE_DEVICE || SOCFPGA_SECURE_VAB_AUTH help Allows doing any sort of manipulation to blobs after they got extracted from FIT images like stripping off headers or modifying the size of the |