imx8m: Add DEK blob encapsulation for imx8m Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>

commit: 56d2050f40287fe46757d4cbe69d62a1381c3c64 [log] [tgz]
author: Clement Faure <clement.faure@nxp.com> Thu Mar 25 17:30:33 2021 +0800
committer: Stefano Babic <sbabic@denx.de> Thu Apr 08 20:29:52 2021 +0200
tree: e0306aa0489ba7b4bc923c2c5cc875b03cfabb04
parent: 613cf239ed490f900b8f822df4a2d5a1a27d7a47 [diff] [blame]
diff --git a/arch/arm/dts/imx8mp-evk-u-boot.dtsi b/arch/arm/dts/imx8mp-evk-u-boot.dtsi
index 6a91404..27075c5 100644
--- a/arch/arm/dts/imx8mp-evk-u-boot.dtsi
+++ b/arch/arm/dts/imx8mp-evk-u-boot.dtsi

@@ -9,6 +9,12 @@
 		wdt = <&wdog1>;
 		u-boot,dm-spl;
 	};
+	firmware {
+		optee {
+			compatible = "linaro,optee-tz";
+			method = "smc";
+		};
+	};
 };
 
 &{/soc@0} {
commit	56d2050f40287fe46757d4cbe69d62a1381c3c64	[log] [tgz]
author	Clement Faure <clement.faure@nxp.com>	Thu Mar 25 17:30:33 2021 +0800
committer	Stefano Babic <sbabic@denx.de>	Thu Apr 08 20:29:52 2021 +0200
tree	e0306aa0489ba7b4bc923c2c5cc875b03cfabb04
parent	613cf239ed490f900b8f822df4a2d5a1a27d7a47 [diff] [blame]