Blame view
include/config_fsl_chain_trust.h
3.14 KB
98cb0efde
|
1 2 3 4 5 |
/* * Copyright 2015 Freescale Semiconductor, Inc. * * SPDX-License-Identifier: GPL-2.0+ */ |
bdc22074c
|
6 7 |
#ifndef __CONFIG_FSL_CHAIN_TRUST_H #define __CONFIG_FSL_CHAIN_TRUST_H |
98cb0efde
|
8 |
|
bdc22074c
|
9 10 11 12 |
/* For secure boot, since ENVIRONMENT in flash/external memories is * not verified, undef CONFIG_ENV_xxx and set default env * (CONFIG_ENV_IS_NOWHERE) */ |
98cb0efde
|
13 |
#ifdef CONFIG_SECURE_BOOT |
bdc22074c
|
14 15 16 17 18 19 20 |
#undef CONFIG_ENV_IS_IN_EEPROM #undef CONFIG_ENV_IS_IN_NAND #undef CONFIG_ENV_IS_IN_MMC #undef CONFIG_ENV_IS_IN_SPI_FLASH #undef CONFIG_ENV_IS_IN_FLASH #define CONFIG_ENV_IS_NOWHERE |
98cb0efde
|
21 |
#endif |
bdc22074c
|
22 |
#ifdef CONFIG_CHAIN_OF_TRUST |
98cb0efde
|
23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 |
#ifndef CONFIG_EXTRA_ENV #define CONFIG_EXTRA_ENV "" #endif /* * Control should not reach back to uboot after validation of images * for secure boot flow and therefore bootscript should have * the bootm command. If control reaches back to uboot anyhow * after validating images, core should just spin. */ /* * Define the key hash for boot script here if public/private key pair used to * sign bootscript are different from the SRK hash put in the fuse * Example of defining KEY_HASH is * #define CONFIG_BOOTSCRIPT_KEY_HASH \ * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b" */ |
2bfe48908
|
41 42 43 44 45 46 |
#ifdef CONFIG_BOOTARGS #define CONFIG_SET_BOOTARGS "setenv bootargs \'" CONFIG_BOOTARGS" \';" #else #define CONFIG_SET_BOOTARGS "setenv bootargs \'root=/dev/ram " \ "rw console=ttyS0,115200 ramdisk_size=600000\';" #endif |
98cb0efde
|
47 48 49 |
#ifdef CONFIG_BOOTSCRIPT_KEY_HASH #define CONFIG_SECBOOT \ "setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \ |
2bfe48908
|
50 |
CONFIG_SET_BOOTARGS \ |
98cb0efde
|
51 52 53 54 55 56 57 58 |
CONFIG_EXTRA_ENV \ "esbc_validate $bs_hdraddr " \ __stringify(CONFIG_BOOTSCRIPT_KEY_HASH)";" \ "source $img_addr;" \ "esbc_halt\0" #else #define CONFIG_SECBOOT \ "setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \ |
2bfe48908
|
59 |
CONFIG_SET_BOOTARGS \ |
98cb0efde
|
60 61 62 63 64 |
CONFIG_EXTRA_ENV \ "esbc_validate $bs_hdraddr;" \ "source $img_addr;" \ "esbc_halt\0" #endif |
5050f6f0e
|
65 66 67 |
#ifdef CONFIG_BOOTSCRIPT_COPY_RAM #define CONFIG_BS_COPY_ENV \ "setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \ |
69d4b48c8
|
68 |
"setenv bs_hdr_device " __stringify(CONFIG_BS_HDR_ADDR_DEVICE)";" \ |
5050f6f0e
|
69 70 |
"setenv bs_hdr_size " __stringify(CONFIG_BS_HDR_SIZE)";" \ "setenv bs_ram " __stringify(CONFIG_BS_ADDR_RAM)";" \ |
69d4b48c8
|
71 |
"setenv bs_device " __stringify(CONFIG_BS_ADDR_DEVICE)";" \ |
5050f6f0e
|
72 |
"setenv bs_size " __stringify(CONFIG_BS_SIZE)";" |
3f701cc50
|
73 74 |
/* For secure boot flow, default environment used will be used */ #if defined(CONFIG_SYS_RAMBOOT) |
5050f6f0e
|
75 76 |
#if defined(CONFIG_RAMBOOT_NAND) #define CONFIG_BS_COPY_CMD \ |
69d4b48c8
|
77 78 |
"nand read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \ "nand read $bs_ram $bs_device $bs_size ;" |
5050f6f0e
|
79 |
#endif /* CONFIG_RAMBOOT_NAND */ |
69d4b48c8
|
80 81 82 83 84 |
#elif defined(CONFIG_SD_BOOT) #define CONFIG_BS_COPY_CMD \ "mmc read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \ "mmc read $bs_ram $bs_device $bs_size ;" #else /* CONFIG_SD_BOOT */ |
3f701cc50
|
85 |
#define CONFIG_BS_COPY_CMD \ |
69d4b48c8
|
86 87 |
"cp.b $bs_hdr_device $bs_hdr_ram $bs_hdr_size ;" \ "cp.b $bs_device $bs_ram $bs_size ;" |
98cb0efde
|
88 |
#endif |
3f701cc50
|
89 |
#endif /* CONFIG_BOOTSCRIPT_COPY_RAM */ |
98cb0efde
|
90 |
|
5050f6f0e
|
91 92 93 94 95 96 97 |
#ifndef CONFIG_BS_COPY_ENV #define CONFIG_BS_COPY_ENV #endif #ifndef CONFIG_BS_COPY_CMD #define CONFIG_BS_COPY_CMD #endif |
bdc22074c
|
98 |
#define CONFIG_CHAIN_BOOT_CMD CONFIG_BS_COPY_ENV \ |
5050f6f0e
|
99 100 |
CONFIG_BS_COPY_CMD \ CONFIG_SECBOOT |
98cb0efde
|
101 102 103 |
#endif #endif |