• Sumit Garg's avatar
    Makefile: Add support to optionally encrypt BL31 and BL32 · c6ba9b45
    Sumit Garg authored
    
    
    Following build flags have been added to support optional firmware
    encryption:
    
    - FW_ENC_STATUS: Top level firmware's encryption numeric flag, values:
        0: Encryption is done with Secret Symmetric Key (SSK) which is
           common for a class of devices.
        1: Encryption is done with Binding Secret Symmetric Key (BSSK) which
           is unique per device.
    
    - ENC_KEY: A 32-byte (256-bit) symmetric key in hex string format. It
        could be SSK or BSSK depending on FW_ENC_STATUS flag.
    
    - ENC_NONCE: A 12-byte (96-bit) encryption nonce or Initialization Vector
        (IV) in hex string format.
    
    - ENCRYPT_BL31: Binary flag to enable encryption of BL31 firmware.
    
    - ENCRYPT_BL32: Binary flag to enable encryption of Secure BL32 payload.
    
    Similar flags can be added to encrypt other firmwares as well depending
    on use-cases.
    Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
    Change-Id: I94374d6830ad5908df557f63823e58383d8ad670
    c6ba9b45
build_macros.mk 19.6 KB