summaryrefslogtreecommitdiff
path: root/common
diff options
context:
space:
mode:
authorSiew Chin Lim <elly.siew.chin.lim@intel.com>2021-03-01 20:04:11 +0800
committerLey Foon Tan <ley.foon.tan@intel.com>2021-03-08 10:59:10 +0800
commit1bc20897c1263f038f5b27f7b3ed67aa15e97a5c (patch)
tree2c422be99e5e4ebd40d2b8b9df36a39a22a8aa06 /common
parent9a5bbdfd1a952901bda567d7d56225374ef883bc (diff)
downloadu-boot-1bc20897c1263f038f5b27f7b3ed67aa15e97a5c.tar.gz
u-boot-1bc20897c1263f038f5b27f7b3ed67aa15e97a5c.tar.bz2
u-boot-1bc20897c1263f038f5b27f7b3ed67aa15e97a5c.zip
arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)
Vendor Authorized Boot is a security feature for authenticating the images such as U-Boot, ARM trusted Firmware, Linux kernel, device tree blob and etc loaded from FIT. After those images are loaded from FIT, the VAB certificate and signature block appended at the end of each image are sent to Secure Device Manager (SDM) for authentication. U-Boot will validate the SHA384 of the image against the SHA384 hash stored in the VAB certificate before sending the image to SDM for authentication. Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com> Reviewed-by: Ley Foon Tan <ley.foon.tan@intel.com>
Diffstat (limited to 'common')
-rw-r--r--common/Kconfig.boot2
1 files changed, 1 insertions, 1 deletions
diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index e650c605d1..9c335f4f8c 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -138,7 +138,7 @@ config FIT_BEST_MATCH
config FIT_IMAGE_POST_PROCESS
bool "Enable post-processing of FIT artifacts after loading by U-Boot"
- depends on TI_SECURE_DEVICE
+ depends on TI_SECURE_DEVICE || SOCFPGA_SECURE_VAB_AUTH
help
Allows doing any sort of manipulation to blobs after they got extracted
from FIT images like stripping off headers or modifying the size of the