Skip to content

Commit

Permalink
imx8mm_var_dart_defconfig: Disable full UEFI support
Browse files Browse the repository at this point in the history 
The security feature maintained by variscite for secure boot on the imx8mm is
HABv4 support, so this change disables full UEFI support. This reduces the
size of the binaries generated for the bootloader, and avoids HAB events when
enabled.

Binaries size with uefi enabled:
    - u-boot-spl.bin 103K
    - u-boot.bin 977K

Binaries size with uefi disabled:
    - u-boot-spl.bin 101K
    - u-boot.bin 823K

This patch avoid the following events:
--------- HAB Event 1 -----------------
event data:
        0xdb 0x00 0x14 0x43 0x33 0x22 0x33 0x00
        0x00 0x00 0x00 0x0f 0x00 0x7e 0x0b 0xc0
        0x00 0x03 0xf8 0x00

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ADDRESS (0x22)
CTX = HAB_CTX_TARGET (0x33)
ENG = HAB_ENG_ANY (0x00)

--------- HAB Event 2 -----------------
event data:
        0xdb 0x00 0x14 0x43 0x33 0x22 0x33 0x00
        0x00 0x00 0x00 0x0f 0x00 0x7e 0x0b 0xc0
        0x00 0x03 0xf6 0x60

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ADDRESS (0x22)
CTX = HAB_CTX_TARGET (0x33)
ENG = HAB_ENG_ANY (0x00)

Signed-off-by: Luan Rafael Carneiro <luan.r@variscite.com>
  • Loading branch information
@rafluan
rafluan committed Nov 4, 2024
1 parent fc434c2 commit f631314
Showing 1 changed file with 2 additions and 9 deletions.
11 changes: 2 additions & 9 deletions configs/imx8mm_var_dart_defconfig
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,6 @@ CONFIG_SYS_PROMPT="u-boot=> "
# CONFIG_BOOTM_NETBSD is not set
# CONFIG_CMD_EXPORTENV is not set
# CONFIG_CMD_IMPORTENV is not set
CONFIG_CMD_NVEDIT_EFI=y
CONFIG_CRC32_VERIFY=y
CONFIG_CMD_MEMTEST=y
CONFIG_CMD_CLK=y
Expand All @@ -79,13 +78,13 @@ CONFIG_CMD_USB_MASS_STORAGE=y
CONFIG_BOOTP_PREFER_SERVERIP=y
CONFIG_CMD_SNTP=y
CONFIG_CMD_CACHE=y
CONFIG_CMD_EFIDEBUG=y
CONFIG_CMD_RTC=y
CONFIG_CMD_TIME=y
CONFIG_CMD_GETTIME=y
CONFIG_CMD_TIMER=y
CONFIG_CMD_REGULATOR=y
CONFIG_CMD_EXT4_WRITE=y
# CONFIG_SPL_EFI_PARTITION is not set
CONFIG_OF_CONTROL=y
CONFIG_ENV_OVERWRITE=y
CONFIG_ENV_IS_IN_MMC=y
Expand Down Expand Up @@ -170,11 +169,5 @@ CONFIG_SPL_RSA=y
CONFIG_SHA384=y
CONFIG_LZO=y
CONFIG_BZIP2=y
CONFIG_EFI_VAR_BUF_SIZE=139264
CONFIG_EFI_SET_TIME=y
CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y
CONFIG_EFI_CAPSULE_ON_DISK=y
CONFIG_EFI_IGNORE_OSINDICATIONS=y
CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
CONFIG_EFI_SECURE_BOOT=y
# CONFIG_EFI_LOADER is not set
# CONFIG_OPTEE_LIB is not set

0 comments on commit f631314

Please sign in to comment.