X-Git-Url: https://git.kernelconcepts.de/?p=karo-tx-uboot.git;a=blobdiff_plain;f=doc%2FREADME.imximage;h=27d335456997a702ff072f870e7e97fc5d91c74a;hp=802eb90f1de6b352dc383f69cdc234b0b64cccd9;hb=b8162f1b75b4c52f3ca431520742af8bf0721cd9;hpb=d6639d10dbfa42dc888f8917012550b632a88959 diff --git a/doc/README.imximage b/doc/README.imximage index 802eb90f1d..27d3354569 100644 --- a/doc/README.imximage +++ b/doc/README.imximage @@ -15,9 +15,6 @@ Booting from NOR flash does not require to use this image type. For more details refer Chapter 2 - System Boot and section 2.14 (flash header description) of the processor's manual. -This implementation does not use at the moment the secure boot feature -of the processor. The image is generated disabling all security fields. - Command syntax: -------------- ./tools/mkimage -l @@ -86,6 +83,33 @@ Configuration command line syntax: Example: BOOT_FROM spi + CSF value + + Total size of CSF (Command Sequence File) + used for Secure Boot/ High Assurance Boot + (HAB). + + Using this command will populate the IVT + (Initial Vector Table) CSF pointer and adjust + the length fields only. The CSF itself needs + to be generated with Freescale tools and + 'manually' appended to the u-boot.imx file. + + The CSF is then simply concatenated + to the u-boot image, making a signed bootloader, + that the processor can verify + if the fuses for the keys are burned. + + Further infos how to configure the SOC to verify + the bootloader can be found in the "High + Assurance Boot Version Application Programming + Interface Reference Manual" as part of the + Freescale Code Signing Tool, available on the + manufacturer's website. + + Example: + CSF 0x2000 + DATA type address value type: word=4, halfword=2, byte=1 @@ -96,7 +120,7 @@ Configuration command line syntax: DATA 4 0x73FA88a0 0x200 The processor support up to 60 register programming commands for IMXIMAGE_VERSION 1 -and 121 register programming commands for IMXIMAGE_VERSION 2. +and 220 register programming commands for IMXIMAGE_VERSION 2. An error is generated if more commands are found in the configuration file. 3. All commands are optional to program.