From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A7538C433F5 for ; Sat, 9 Oct 2021 20:42:14 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id C7B4660F9D for ; Sat, 9 Oct 2021 20:42:13 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org C7B4660F9D Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=ziswiler.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 12939836B1; Sat, 9 Oct 2021 22:41:57 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=ziswiler.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 62F99836A3; Sat, 9 Oct 2021 22:41:43 +0200 (CEST) Received: from mout.perfora.net (mout.perfora.net [74.208.4.197]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 16D1583682 for ; Sat, 9 Oct 2021 22:41:36 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=ziswiler.com Authentication-Results: phobos.denx.de; spf=none smtp.mailfrom=marcel@ziswiler.com Received: from localhost.localdomain ([198.134.98.50]) by mrelay.perfora.net (mreueus004 [74.208.5.2]) with ESMTPSA (Nemesis) id 1MNLN8-1mOlHr1sy2-00Oog1; Sat, 09 Oct 2021 22:41:25 +0200 From: Marcel Ziswiler To: u-boot@lists.denx.de Cc: Heiko Thiery , Frieder Schrempf , Fabio Estevam , Stefano Babic , Marcel Ziswiler , "NXP i.MX U-Boot Team" , Simon Glass , Tom Rini Subject: [PATCH v6 03/11] ARM: dts: imx8mm-verdin: prepare for dek blob encapsulation Date: Sat, 9 Oct 2021 22:41:05 +0200 Message-Id: <20211009204113.1208641-4-marcel@ziswiler.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20211009204113.1208641-1-marcel@ziswiler.com> References: <20211009204113.1208641-1-marcel@ziswiler.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Provags-ID: V03:K1:Rr///nlzi2xqYC/WDeNq3ml/XXVBHIOvUjXaoT5f2goRZ1lEucO 4r8S0mca2QwqvhhD+Yy9oe/PzfNJyXyxxtF23c5z5/YmyjujfWeySa2tEKxfPxXot+F08Vg chm9HKYmhH3rcQRnCFSDoKXFRqIVsa5FciteXiSKxHh2lCADNBA9hqCUT382dVTY02Uf5PB BEw5/klJZj0S9uHuMo/WQ== X-UI-Out-Filterresults: notjunk:1;V03:K0:HcDmkhB4mGI=:Zunv1s8ucR5QNo9a4NS6e5 Navjx6LWpizW/hOoU+uRpoi5jphZvM+D2PVAWk+lrQ9gP59QouJsnYGwd+FuVFA28ib0k4sH1 R4u0Q4BLF2Dn26EoRiBzuUXQbJ8tmVUiHu2Pvm9aiKqkF21xy/bzLmp5RP1A5ZwvC89ICoDeC LF5buWNW0hit8rIubKIFrFg2gSBTb8r7kTsTIgY605XUjFF+fwMAzcqw80Vkh5DLaTHN26UcU dOz7LWOfRf6h623tIoHXDlShwSiIKmsFv8f8Aq+baXTYmKwjpDp56SotZ01CcAD3VKR4r9VKO 1XCTMmyOfrR63vIknqOu5W16gQFnJiiUxBsOi0J+l0Icvw9sXnuNsh1WmLBUql1JoNwK9+YNI U4Xt/L9S714GOf6xH4EdQ+GyM+eir2ixrcynylmIbdf4sW8dYdRAzDfh+rqJAKUPZSJUfdmuP Sq22ERb7pNdJaYlTSMNSi1RD3TVUBdMFnHz5e0O/iWTG/3GxTMkdrB8WH0wghEeVbYCwU1Ds9 UFM6E6GqCGSTvZAK3wc6cAcMIg+ap8XTPyF3+DYQg9/VAcsK87DI0kvuI2feoj7pEFtYzmjrT Jai9k5Xme4xdBAiWoPMvuZ8w4dBMlvX61iBam90cAigA50/vqPowHKGGufaZKPGIss+7C82MS xHtMsRvErscyhTjNWAQpgtIad96dAfJpAT+SE1RZ3pG1qCtMY/YUmQu4dmyeJtL1gygzNW5Lk S0F1MBQnSyrBHwEtlgotrn8msLwVBGcn/p2sSw== X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean From: Marcel Ziswiler Prepare for DEK blob encapsulation support through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Taken from NXP's commit 56d2050f4028 ("imx8m: Add DEK blob encapsulation for imx8m"). Signed-off-by: Marcel Ziswiler Reviewed-by: Fabio Estevam --- (no changes since v1) arch/arm/dts/imx8mm-verdin-u-boot.dtsi | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/arm/dts/imx8mm-verdin-u-boot.dtsi b/arch/arm/dts/imx8mm-verdin-u-boot.dtsi index 67c31c49b6c..a97626fa0c1 100644 --- a/arch/arm/dts/imx8mm-verdin-u-boot.dtsi +++ b/arch/arm/dts/imx8mm-verdin-u-boot.dtsi @@ -6,6 +6,13 @@ #include "imx8mm-u-boot.dtsi" / { + firmware { + optee { + compatible = "linaro,optee-tz"; + method = "smc"; + }; + }; + wdt-reboot { compatible = "wdt-reboot"; wdt = <&wdog1>; -- 2.26.2