imx: hab: Increase CSF_SIZE for i.MX6 and i.MX7 devices

In certain i.MX devices the encrypted boot image is failing to boot.

According to AN12056 "Encrypted Boot on HABv4 and CAAM Enabled Devices"
it's necessary to pad CSF to 0x2000 and append DEK blob.

In this case the total image size in boot data structure must cover the
entire binary otherwise the dek_blob won't be copied to memory and image
won't be decrypted.

Increase CSF_SIZE to 0x4000 to avoid such issue when booting encrypted
boot images.

Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Lukasz Majewski <lukma@denx.de>
Reviewed-by: Fabio Estevam <festevam@gmail.com>

diff --git a/include/configs/mx6_common.h b/include/configs/mx6_common.h
index 6b20c6db5803ab350dc3ee8b6b1281ba9aceb9ef..2b8ce9d71d007d1a6093e103eb3ae49874115fbd 100644 (file)
--- a/include/configs/mx6_common.h
+++ b/include/configs/mx6_common.h
@@ -59,7 +59,7 @@
 
 /* Secure boot (HAB) support */
 #ifdef CONFIG_SECURE_BOOT
-#define CONFIG_CSF_SIZE                        0x2000
+#define CONFIG_CSF_SIZE                        0x4000
 #ifdef CONFIG_SPL_BUILD
 #define CONFIG_SPL_DRIVERS_MISC_SUPPORT
 #endif

diff --git a/include/configs/mx7_common.h b/include/configs/mx7_common.h
index cc7e87269ee8d4bf5a90f5e3fef4907646505ebd..f3167c51d42f01422685d3c7be0503e61bb5663f 100644 (file)
--- a/include/configs/mx7_common.h
+++ b/include/configs/mx7_common.h
@@ -48,7 +48,7 @@
 
 /* Secure boot (HAB) support */
 #ifdef CONFIG_SECURE_BOOT
-#define CONFIG_CSF_SIZE                        0x2000
+#define CONFIG_CSF_SIZE                        0x4000
 #ifdef CONFIG_SPL_BUILD
 #define CONFIG_SPL_DRIVERS_MISC_SUPPORT
 #endif