    imx: Kconfig: Reduce default CONFIG_CSF_SIZE · 5b20d141
    Breno Matheus Lima authored
    
    The default CSF_SIZE defined in Kconfig is too high and SPL cannot
    fit into the OCRAM in certain cases.
    
    The CSF cannot achieve 0x2000 length when using RSA 4K key which is
    the largest key size supported by HABv4.
    
    According to AN12056 "Encrypted Boot on HABv4 and CAAM Enabled Devices"
    it's recommended to pad CSF binary to 0x2000 and append DEK blob to
    deploy encrypted boot images.
    
    As the maximum DEK blob size is 0x58 we can reduce CSF_SIZE to 0x2060
    which should cover both CSF and DEK blob length.
    
    Update default_image.c and image.c to align with this change and avoid
    a U-Boot proper authentication failure in HAB closed devices:
    
    Authenticate image from DDR location 0x877fffc0...
    bad magic magic=0x32 length=0x6131 version=0x38
    bad length magic=0x32 length=0x6131 version=0x38
    bad version magic=0x32 length=0x6131 version=0x38
    spl: ERROR:  image authentication fail
    
    Fixes: 96d27fb218 (Revert "habv4: tools: Avoid hardcoded CSF size for SPL targets")
    
    Reported-by: Jagan Teki <jagan@amarulasolutions.com>
    Signed-off-by: Breno Lima <breno.lima@nxp.com>
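
The following C sketch is an added example, not code from this commit or from U-Boot. It rebuilds the four header bytes from the fields printed in the log above, runs a three-field IVT header check on them, and confirms that a CSF padded to 0x2000 plus a 0x58 DEK blob fits in 0x2060. The IVT tag, length and version constants, the little-endian raw print of the length field, and all function names are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>

/* HABv4 IVT header values: assumptions for this example, not on the page. */
#define IVT_HEADER_MAGIC 0xD1
#define IVT_TOTAL_LENGTH 0x20
#define HAB_MAJ_MASK     0xF0
#define HAB_MAJ_VER      0x40
/* Sizes taken from the commit message. */
#define CSF_PAD_SIZE     0x2000u /* CSF padded as AN12056 recommends */
#define DEK_BLOB_MAX     0x58u   /* maximum DEK blob size */
#define CSF_SIZE_NEW     0x2060u /* new Kconfig default */

enum { BAD_MAGIC = 1, BAD_LENGTH = 2, BAD_VERSION = 4 };

/* Check a 4-byte IVT header: tag, big-endian length, version. */
int check_ivt_header(const uint8_t *p)
{
    int err = 0;
    uint16_t len = (uint16_t)((p[1] << 8) | p[2]);
    if (p[0] != IVT_HEADER_MAGIC) err |= BAD_MAGIC;
    if (len != IVT_TOTAL_LENGTH) err |= BAD_LENGTH;
    if ((p[3] & HAB_MAJ_MASK) != HAB_MAJ_VER) err |= BAD_VERSION;
    return err;
}

/* Rebuild the header bytes from the logged fields, assuming the length
 * was printed as a raw 16-bit load on a little-endian CPU. */
void bytes_from_log(uint8_t magic, uint16_t raw_len, uint8_t ver, uint8_t out[4])
{
    out[0] = magic;
    out[1] = (uint8_t)(raw_len & 0xFF);
    out[2] = (uint8_t)(raw_len >> 8);
    out[3] = ver;
}

/* Nonzero when a padded CSF plus the largest DEK blob fits in csf_size. */
int csf_area_fits(uint32_t csf_size)
{
    return CSF_PAD_SIZE + DEK_BLOB_MAX <= csf_size;
}

int main(void)
{
    uint8_t h[4];
    bytes_from_log(0x32, 0x6131, 0x38, h); /* fields from the log above */
    printf("bytes \"%c%c%c%c\" errors=0x%x\n", h[0], h[1], h[2], h[3], check_ivt_header(h));
    printf("0x2060 fits: %d\n", csf_area_fits(CSF_SIZE_NEW));
    return 0;
}
```

Under these assumptions the logged bytes decode to printable ASCII rather than an IVT header, which is why all three checks report an error at once.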