In the Step by Step Guide from NXP to setup up secure boot, it states the following:
1.2 Preparing U-Boot to support AHAB secure boot features
----------------------------------------------------------
The U-Boot provides extra functions for AHAB, such as the ability to
authenticate additional container images by calling the SCU API
sc_misc_seco_authenticate() function.
The support is enabled by adding CONFIG_AHAB_BOOT to the defconfig file used
for your target:
- Defconfig:
CONFIG_AHAB_BOOT=y
- Kconfig:
ARM architecture -> Support i.MX 8 AHAB features
What is the purpose of the Kconfig ARM architecture support for AHAB? The AHAB (only supported on IMX8 and IMX8X families) in ROM is responsible for authenticating the SECO firmware (NXP signed), which will supply the services for authenticating the images signed by the user to the System Controller ROM.
Does this kernel configuration flag enable this AHAB support by turning on AHAB in ROM? Does it enabling the ROM to support AHAB by the ROM? The .config option I believe is to enable AHAB functionality in the ARM Trusted processor itself. To enable ROM for the AHAB feature in the kernel? I need to know if it is an optional configuration, or if it essential and why.
