X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=doc%2FREADME.imximage;h=dcda2005af93439ca42e85c5b7ffb1ccd4233586;hb=194dd74ad919e57026f385aaab7f89acf7ea79ef;hp=802eb90f1de6b352dc383f69cdc234b0b64cccd9;hpb=a19b0dd62d7b8efc658fa1aa685ff5665878f3ee;p=oweals%2Fu-boot.git

diff --git a/doc/README.imximage b/doc/README.imximage
index 802eb90f1d..dcda2005af 100644
--- a/doc/README.imximage
+++ b/doc/README.imximage
@@ -15,9 +15,6 @@ Booting from NOR flash does not require to use this image type.
 For more details refer Chapter 2 - System Boot and section 2.14
 (flash header description) of the processor's manual.
 
-This implementation does not use at the moment the secure boot feature
-of the processor. The image is generated disabling all security fields.
-
 Command syntax:
 --------------
 ./tools/mkimage -l <mx u-boot_file>
@@ -86,6 +83,33 @@ Configuration command line syntax:
 				Example:
 				BOOT_FROM spi
 
+	CSF			value
+
+				Total size of CSF (Command Sequence File)
+				used for Secure Boot/ High Assurance Boot
+				(HAB).
+
+				Using this command will populate the IVT
+				(Initial Vector Table) CSF pointer and adjust
+				the length fields only. The CSF itself needs
+				to be generated with Freescale tools and
+				'manually' appended to the u-boot.imx file.
+
+				The CSF is then simply concatenated
+				to the u-boot image, making a signed bootloader,
+				that the processor can verify
+				if the fuses for the keys are burned.
+
+				Further infos how to configure the SOC to verify
+				the bootloader can be found in the "High
+				Assurance Boot Version Application Programming
+				Interface Reference Manual" as part of the
+				Freescale Code Signing Tool, available on the
+				manufacturer's website.
+
+				Example:
+				CSF 0x2000
+
 	DATA			type address value
 
 				type: word=4, halfword=2, byte=1