blob: 17ca5409080a47373bd36b5320cc9ea6df16b8f5 [file] [log] [blame]
/*
* Copyright 2015 Freescale Semiconductor, Inc.
*
* SPDX-License-Identifier: GPL-2.0+
*/
#ifndef __FSL_SECURE_BOOT_H
#define __FSL_SECURE_BOOT_H
#ifdef CONFIG_CHAIN_OF_TRUST
#define CONFIG_CMD_ESBC_VALIDATE
#define CONFIG_FSL_SEC_MON
#define CONFIG_SHA_HW_ACCEL
#define CONFIG_SHA_PROG_HW_ACCEL
#define CONFIG_RSA_FREESCALE_EXP
#ifndef CONFIG_FSL_CAAM
#define CONFIG_FSL_CAAM
#endif
#define CONFIG_SPL_BOARD_INIT
#ifdef CONFIG_SPL_BUILD
/*
* Define the key hash for U-Boot here if public/private key pair used to
* sign U-boot are different from the SRK hash put in the fuse
* Example of defining KEY_HASH is
* #define CONFIG_SPL_UBOOT_KEY_HASH \
* "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
* else leave it defined as NULL
*/
#define CONFIG_SPL_UBOOT_KEY_HASH NULL
#endif /* ifdef CONFIG_SPL_BUILD */
#ifndef CONFIG_SPL_BUILD
#define CONFIG_CMD_BLOB
#define CONFIG_CMD_HASH
#define CONFIG_KEY_REVOCATION
#ifndef CONFIG_SYS_RAMBOOT
/* The key used for verification of next level images
* is picked up from an Extension Table which has
* been verified by the ISBC (Internal Secure boot Code)
* in boot ROM of the SoC.
* The feature is only applicable in case of NOR boot and is
* not applicable in case of RAMBOOT (NAND, SD, SPI).
*/
#ifndef CONFIG_ESBC_HDR_LS
/* Current Key EXT feature not available in LS ESBC Header */
#define CONFIG_FSL_ISBC_KEY_EXT
#endif
#endif
#if defined(CONFIG_LS1043A) || defined(CONFIG_LS2080A)
/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit
* Similiarly for LS2080
*/
#define CONFIG_ESBC_ADDR_64BIT
#endif
#ifdef CONFIG_LS2080A
#define CONFIG_EXTRA_ENV \
"setenv fdt_high 0xa0000000;" \
"setenv initrd_high 0xcfffffff;" \
"setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';"
#else
#define CONFIG_EXTRA_ENV \
"setenv fdt_high 0xffffffff;" \
"setenv initrd_high 0xffffffff;" \
"setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';"
#endif
/* Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from
* Non-XIP Memory (Nand/SD)*/
#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_FSL_LSCH3) || \
defined(CONFIG_SD_BOOT)
#define CONFIG_BOOTSCRIPT_COPY_RAM
#endif
/* The address needs to be modified according to NOR, NAND, SD and
* DDR memory map
*/
#ifdef CONFIG_FSL_LSCH3
#define CONFIG_BS_HDR_ADDR_DEVICE 0x580d00000
#define CONFIG_BS_ADDR_DEVICE 0x580e00000
#define CONFIG_BS_HDR_ADDR_RAM 0xa0d00000
#define CONFIG_BS_ADDR_RAM 0xa0e00000
#define CONFIG_BS_HDR_SIZE 0x00002000
#define CONFIG_BS_SIZE 0x00001000
#else
#ifdef CONFIG_SD_BOOT
/* For SD boot address and size are assigned in terms of sector
* offset and no. of sectors respectively.
*/
#define CONFIG_BS_HDR_ADDR_DEVICE 0x00000800
#define CONFIG_BS_ADDR_DEVICE 0x00000840
#define CONFIG_BS_HDR_SIZE 0x00000010
#define CONFIG_BS_SIZE 0x00000008
#else
#define CONFIG_BS_HDR_ADDR_DEVICE 0x600a0000
#define CONFIG_BS_ADDR_DEVICE 0x60060000
#define CONFIG_BS_HDR_SIZE 0x00002000
#define CONFIG_BS_SIZE 0x00001000
#endif /* #ifdef CONFIG_SD_BOOT */
#define CONFIG_BS_HDR_ADDR_RAM 0x81000000
#define CONFIG_BS_ADDR_RAM 0x81020000
#endif
#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
#define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_RAM
#define CONFIG_BOOTSCRIPT_ADDR CONFIG_BS_ADDR_RAM
#else
#define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_DEVICE
/* BOOTSCRIPT_ADDR is not required */
#endif
#ifdef CONFIG_FSL_LS_PPA
#ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP
#ifdef CONFIG_LS1043A
#define CONFIG_SYS_LS_PPA_ESBC_ADDR 0x600c0000
#endif
#else
#error "No CONFIG_SYS_LS_PPA_FW_IN_xxx defined"
#endif /* ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP */
/* Define the key hash here if SRK used for signing PPA image is
* different from SRK hash put in SFP used for U-Boot.
* Example
* #define CONFIG_PPA_KEY_HASH \
* "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
*/
#define CONFIG_PPA_KEY_HASH NULL
#endif /* ifdef CONFIG_FSL_LS_PPA */
#include <config_fsl_chain_trust.h>
#endif /* #ifndef CONFIG_SPL_BUILD */
#endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
#endif