/*
   * Copyright 2015 Freescale Semiconductor, Inc.
   *
   * SPDX-License-Identifier:	GPL-2.0+
   */
  
  #ifndef __CONFIG_FSL_SECBOOT_H
  #define __CONFIG_FSL_SECBOOT_H
  
  #ifdef CONFIG_SECURE_BOOT
  
  #ifndef CONFIG_CMD_ESBC_VALIDATE
  #define CONFIG_CMD_ESBC_VALIDATE
  #endif
  
  #ifndef CONFIG_EXTRA_ENV
  #define CONFIG_EXTRA_ENV	""
  #endif
  
  /*
   * Control should not reach back to uboot after validation of images
   * for secure boot flow and therefore bootscript should have
   * the bootm command. If control reaches back to uboot anyhow
   * after validating images, core should just spin.
   */
  
  /*
   * Define the key hash for boot script here if public/private key pair used to
   * sign bootscript are different from the SRK hash put in the fuse
   * Example of defining KEY_HASH is
   * #define CONFIG_BOOTSCRIPT_KEY_HASH \
   *	 "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
   */
  
  #ifdef CONFIG_BOOTSCRIPT_KEY_HASH
  #define CONFIG_SECBOOT \
  	"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
  	"setenv bootargs \'root=/dev/ram rw console=ttyS0,115200 "	\
  	"ramdisk_size=600000\';"	\
  	CONFIG_EXTRA_ENV	\
  	"esbc_validate $bs_hdraddr " \
  	  __stringify(CONFIG_BOOTSCRIPT_KEY_HASH)";" \
  	"source $img_addr;"	\
  	"esbc_halt\0"
  #else
  #define CONFIG_SECBOOT \
  	"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
  	"setenv bootargs \'root=/dev/ram rw console=ttyS0,115200 "	\
  	"ramdisk_size=600000\';"	\
  	CONFIG_EXTRA_ENV	\
  	"esbc_validate $bs_hdraddr;" \
  	"source $img_addr;"	\
  	"esbc_halt\0"
  #endif
  
  /* For secure boot flow, default environment used will be used */
  #if defined(CONFIG_SYS_RAMBOOT)

  #ifdef CONFIG_BOOTSCRIPT_COPY_RAM
  #define CONFIG_BS_COPY_ENV \
  	"setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \
  	"setenv bs_hdr_flash " __stringify(CONFIG_BS_HDR_ADDR_FLASH)";" \
  	"setenv bs_hdr_size " __stringify(CONFIG_BS_HDR_SIZE)";" \
  	"setenv bs_ram " __stringify(CONFIG_BS_ADDR_RAM)";" \
  	"setenv bs_flash " __stringify(CONFIG_BS_ADDR_FLASH)";" \
  	"setenv bs_size " __stringify(CONFIG_BS_SIZE)";"
  
  #if defined(CONFIG_RAMBOOT_NAND)
  #define CONFIG_BS_COPY_CMD \
  	"nand read $bs_hdr_ram $bs_hdr_flash $bs_hdr_size ;" \
  	"nand read $bs_ram $bs_flash $bs_size ;"
  #endif /* CONFIG_RAMBOOT_NAND */
  #endif /* CONFIG_BOOTSCRIPT_COPY_RAM */

  #if defined(CONFIG_RAMBOOT_SPIFLASH)
  #undef CONFIG_ENV_IS_IN_SPI_FLASH
  #elif defined(CONFIG_RAMBOOT_NAND)
  #undef CONFIG_ENV_IS_IN_NAND
  #elif defined(CONFIG_RAMBOOT_SDCARD)
  #undef CONFIG_ENV_IS_IN_MMC
  #endif
  #else /*CONFIG_SYS_RAMBOOT*/
  #undef CONFIG_ENV_IS_IN_FLASH
  #endif
  
  #define CONFIG_ENV_IS_NOWHERE

  #ifndef CONFIG_BS_COPY_ENV
  #define CONFIG_BS_COPY_ENV
  #endif
  
  #ifndef CONFIG_BS_COPY_CMD
  #define CONFIG_BS_COPY_CMD
  #endif
  
  #define CONFIG_SECBOOT_CMD	CONFIG_BS_COPY_ENV \
  				CONFIG_BS_COPY_CMD \
  				CONFIG_SECBOOT

  /*
   * We don't want boot delay for secure boot flow
   * before autoboot starts
   */
  #undef CONFIG_BOOTDELAY
  #define CONFIG_BOOTDELAY	0
  #undef CONFIG_BOOTCOMMAND

  #define CONFIG_BOOTCOMMAND		CONFIG_SECBOOT_CMD

  
  /*
   * CONFIG_ZERO_BOOTDELAY_CHECK should not be defined for
   * secure boot flow as defining this would enable a user to
   * reach uboot prompt by pressing some key before start of
   * autoboot
   */
  #undef CONFIG_ZERO_BOOTDELAY_CHECK
  
  #endif
  #endif