| /* |
| * Copyright 2015 Freescale Semiconductor, Inc. |
| * |
| * SPDX-License-Identifier: GPL-2.0+ |
| */ |
| |
| #ifndef __FSL_SECURE_BOOT_H |
| #define __FSL_SECURE_BOOT_H |
| |
| #ifdef CONFIG_CHAIN_OF_TRUST |
| #define CONFIG_FSL_SEC_MON |
| |
| #ifdef CONFIG_SPL_BUILD |
| /* |
| * Define the key hash for U-Boot here if public/private key pair used to |
| * sign U-boot are different from the SRK hash put in the fuse |
| * Example of defining KEY_HASH is |
| * #define CONFIG_SPL_UBOOT_KEY_HASH \ |
| * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b" |
| * else leave it defined as NULL |
| */ |
| |
| #define CONFIG_SPL_UBOOT_KEY_HASH NULL |
| #endif /* ifdef CONFIG_SPL_BUILD */ |
| |
| #define CONFIG_KEY_REVOCATION |
| |
| #ifndef CONFIG_SPL_BUILD |
| #ifndef CONFIG_SYS_RAMBOOT |
| /* The key used for verification of next level images |
| * is picked up from an Extension Table which has |
| * been verified by the ISBC (Internal Secure boot Code) |
| * in boot ROM of the SoC. |
| * The feature is only applicable in case of NOR boot and is |
| * not applicable in case of RAMBOOT (NAND, SD, SPI). |
| * For LS, this feature is available for all device if IE Table |
| * is copied to XIP memory |
| * Also, for LS, ISBC doesn't verify this table. |
| */ |
| #define CONFIG_FSL_ISBC_KEY_EXT |
| |
| #endif |
| |
| #if defined(CONFIG_FSL_LAYERSCAPE) |
| /* |
| * For fsl layerscape based platforms, ESBC image Address in Header |
| * is 64 bit. |
| */ |
| #define CONFIG_ESBC_ADDR_64BIT |
| #endif |
| |
| #ifdef CONFIG_ARCH_LS2080A |
| #define CONFIG_EXTRA_ENV \ |
| "setenv fdt_high 0xa0000000;" \ |
| "setenv initrd_high 0xcfffffff;" \ |
| "setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';" |
| #else |
| #define CONFIG_EXTRA_ENV \ |
| "setenv fdt_high 0xffffffff;" \ |
| "setenv initrd_high 0xffffffff;" \ |
| "setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';" |
| #endif |
| |
| /* Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from |
| * Non-XIP Memory (Nand/SD)*/ |
| #if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_FSL_LSCH3) || \ |
| defined(CONFIG_SD_BOOT) || defined(CONFIG_NAND_BOOT) |
| #define CONFIG_BOOTSCRIPT_COPY_RAM |
| #endif |
| /* The address needs to be modified according to NOR, NAND, SD and |
| * DDR memory map |
| */ |
| #ifdef CONFIG_FSL_LSCH3 |
| #define CONFIG_BS_HDR_ADDR_DEVICE 0x580d00000 |
| #define CONFIG_BS_ADDR_DEVICE 0x580e00000 |
| #define CONFIG_BS_HDR_ADDR_RAM 0xa0d00000 |
| #define CONFIG_BS_ADDR_RAM 0xa0e00000 |
| #define CONFIG_BS_HDR_SIZE 0x00002000 |
| #define CONFIG_BS_SIZE 0x00001000 |
| #else |
| #ifdef CONFIG_SD_BOOT |
| /* For SD boot address and size are assigned in terms of sector |
| * offset and no. of sectors respectively. |
| */ |
| #if defined(CONFIG_ARCH_LS1043A) || defined(CONFIG_ARCH_LS1046A) |
| #define CONFIG_BS_HDR_ADDR_DEVICE 0x00000920 |
| #else |
| #define CONFIG_BS_HDR_ADDR_DEVICE 0x00000900 |
| #endif |
| #define CONFIG_BS_ADDR_DEVICE 0x00000940 |
| #define CONFIG_BS_HDR_SIZE 0x00000010 |
| #define CONFIG_BS_SIZE 0x00000008 |
| #elif defined(CONFIG_NAND_BOOT) |
| #define CONFIG_BS_HDR_ADDR_DEVICE 0x00800000 |
| #define CONFIG_BS_ADDR_DEVICE 0x00802000 |
| #define CONFIG_BS_HDR_SIZE 0x00002000 |
| #define CONFIG_BS_SIZE 0x00001000 |
| #elif defined(CONFIG_QSPI_BOOT) |
| #ifdef CONFIG_ARCH_LS1046A |
| #define CONFIG_BS_HDR_ADDR_DEVICE 0x40780000 |
| #define CONFIG_BS_ADDR_DEVICE 0x40800000 |
| #elif defined(CONFIG_ARCH_LS1012A) |
| #define CONFIG_BS_HDR_ADDR_DEVICE 0x400c0000 |
| #define CONFIG_BS_ADDR_DEVICE 0x40060000 |
| #else |
| #error "Platform not supported" |
| #endif |
| #define CONFIG_BS_HDR_SIZE 0x00002000 |
| #define CONFIG_BS_SIZE 0x00001000 |
| #else /* Default NOR Boot */ |
| #define CONFIG_BS_HDR_ADDR_DEVICE 0x600a0000 |
| #define CONFIG_BS_ADDR_DEVICE 0x60060000 |
| #define CONFIG_BS_HDR_SIZE 0x00002000 |
| #define CONFIG_BS_SIZE 0x00001000 |
| #endif |
| #define CONFIG_BS_HDR_ADDR_RAM 0x81000000 |
| #define CONFIG_BS_ADDR_RAM 0x81020000 |
| #endif |
| |
| #ifdef CONFIG_BOOTSCRIPT_COPY_RAM |
| #define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_RAM |
| #define CONFIG_BOOTSCRIPT_ADDR CONFIG_BS_ADDR_RAM |
| #else |
| #define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_DEVICE |
| /* BOOTSCRIPT_ADDR is not required */ |
| #endif |
| |
| #ifdef CONFIG_FSL_LS_PPA |
| /* Define the key hash here if SRK used for signing PPA image is |
| * different from SRK hash put in SFP used for U-Boot. |
| * Example |
| * #define PPA_KEY_HASH \ |
| * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b" |
| */ |
| #define PPA_KEY_HASH NULL |
| #endif /* ifdef CONFIG_FSL_LS_PPA */ |
| |
| #include <config_fsl_chain_trust.h> |
| #endif /* #ifndef CONFIG_SPL_BUILD */ |
| #endif /* #ifdef CONFIG_CHAIN_OF_TRUST */ |
| #endif |