gaurav rana | f79323c | 2015-03-10 14:08:50 +0530 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2015 Freescale Semiconductor, Inc. |
Sumit Garg | 666bbd0 | 2017-08-16 07:13:28 -0400 | [diff] [blame] | 3 | * Copyright 2017 NXP |
gaurav rana | f79323c | 2015-03-10 14:08:50 +0530 | [diff] [blame] | 4 | * |
| 5 | * SPDX-License-Identifier: GPL-2.0+ |
| 6 | */ |
| 7 | |
| 8 | #ifndef __FSL_SECURE_BOOT_H |
| 9 | #define __FSL_SECURE_BOOT_H |
| 10 | |
Aneesh Bansal | 4310470 | 2016-01-22 16:37:24 +0530 | [diff] [blame] | 11 | #ifdef CONFIG_CHAIN_OF_TRUST |
Aneesh Bansal | d31bb3e | 2015-07-31 14:10:03 +0530 | [diff] [blame] | 12 | #define CONFIG_FSL_SEC_MON |
Aneesh Bansal | d31bb3e | 2015-07-31 14:10:03 +0530 | [diff] [blame] | 13 | |
Simon Glass | 3aa6612 | 2016-09-12 23:18:23 -0600 | [diff] [blame] | 14 | #ifdef CONFIG_SPL_BUILD |
Sumit Garg | bdddd6e | 2016-06-14 13:52:38 -0400 | [diff] [blame] | 15 | /* |
| 16 | * Define the key hash for U-Boot here if public/private key pair used to |
| 17 | * sign U-boot are different from the SRK hash put in the fuse |
| 18 | * Example of defining KEY_HASH is |
| 19 | * #define CONFIG_SPL_UBOOT_KEY_HASH \ |
| 20 | * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b" |
| 21 | * else leave it defined as NULL |
| 22 | */ |
| 23 | |
| 24 | #define CONFIG_SPL_UBOOT_KEY_HASH NULL |
| 25 | #endif /* ifdef CONFIG_SPL_BUILD */ |
| 26 | |
Ruchika Gupta | d6b8920 | 2017-04-17 18:07:17 +0530 | [diff] [blame] | 27 | #define CONFIG_KEY_REVOCATION |
| 28 | |
Sumit Garg | bdddd6e | 2016-06-14 13:52:38 -0400 | [diff] [blame] | 29 | #ifndef CONFIG_SPL_BUILD |
Aneesh Bansal | d31bb3e | 2015-07-31 14:10:03 +0530 | [diff] [blame] | 30 | #ifndef CONFIG_SYS_RAMBOOT |
| 31 | /* The key used for verification of next level images |
| 32 | * is picked up from an Extension Table which has |
| 33 | * been verified by the ISBC (Internal Secure boot Code) |
| 34 | * in boot ROM of the SoC. |
| 35 | * The feature is only applicable in case of NOR boot and is |
| 36 | * not applicable in case of RAMBOOT (NAND, SD, SPI). |
Udit Agarwal | 990a997 | 2017-02-09 21:36:11 +0530 | [diff] [blame] | 37 | * For LS, this feature is available for all device if IE Table |
| 38 | * is copied to XIP memory |
| 39 | * Also, for LS, ISBC doesn't verify this table. |
Aneesh Bansal | d31bb3e | 2015-07-31 14:10:03 +0530 | [diff] [blame] | 40 | */ |
| 41 | #define CONFIG_FSL_ISBC_KEY_EXT |
Aneesh Bansal | d31bb3e | 2015-07-31 14:10:03 +0530 | [diff] [blame] | 42 | |
Saksham Jain | 6121f08 | 2016-03-23 16:24:34 +0530 | [diff] [blame] | 43 | #endif |
| 44 | |
Vinitha Pillai-B57223 | 8a3c645 | 2017-03-23 13:48:16 +0530 | [diff] [blame] | 45 | #if defined(CONFIG_FSL_LAYERSCAPE) |
| 46 | /* |
| 47 | * For fsl layerscape based platforms, ESBC image Address in Header |
| 48 | * is 64 bit. |
Saksham Jain | c0c38d2 | 2016-03-23 16:24:35 +0530 | [diff] [blame] | 49 | */ |
Aneesh Bansal | 962021a | 2016-01-22 16:37:22 +0530 | [diff] [blame] | 50 | #define CONFIG_ESBC_ADDR_64BIT |
| 51 | #endif |
| 52 | |
York Sun | 4ce6fbf | 2017-03-27 11:41:01 -0700 | [diff] [blame] | 53 | #ifdef CONFIG_ARCH_LS2080A |
Saksham Jain | f0eb2ca | 2016-03-23 16:24:38 +0530 | [diff] [blame] | 54 | #define CONFIG_EXTRA_ENV \ |
| 55 | "setenv fdt_high 0xa0000000;" \ |
| 56 | "setenv initrd_high 0xcfffffff;" \ |
| 57 | "setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';" |
| 58 | #else |
gaurav rana | f79323c | 2015-03-10 14:08:50 +0530 | [diff] [blame] | 59 | #define CONFIG_EXTRA_ENV \ |
Sumit Garg | 4564283 | 2016-06-14 13:52:39 -0400 | [diff] [blame] | 60 | "setenv fdt_high 0xffffffff;" \ |
| 61 | "setenv initrd_high 0xffffffff;" \ |
gaurav rana | f79323c | 2015-03-10 14:08:50 +0530 | [diff] [blame] | 62 | "setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';" |
Saksham Jain | f0eb2ca | 2016-03-23 16:24:38 +0530 | [diff] [blame] | 63 | #endif |
gaurav rana | f79323c | 2015-03-10 14:08:50 +0530 | [diff] [blame] | 64 | |
Saksham Jain | 503eab9 | 2016-03-23 16:24:37 +0530 | [diff] [blame] | 65 | /* Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from |
| 66 | * Non-XIP Memory (Nand/SD)*/ |
Udit Agarwal | 6b29d23 | 2017-01-06 15:58:56 +0530 | [diff] [blame] | 67 | #if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_FSL_LSCH3) || \ |
Ruchika Gupta | ba68875 | 2017-04-17 18:07:18 +0530 | [diff] [blame] | 68 | defined(CONFIG_SD_BOOT) || defined(CONFIG_NAND_BOOT) |
Saksham Jain | 503eab9 | 2016-03-23 16:24:37 +0530 | [diff] [blame] | 69 | #define CONFIG_BOOTSCRIPT_COPY_RAM |
| 70 | #endif |
Sumit Garg | 4564283 | 2016-06-14 13:52:39 -0400 | [diff] [blame] | 71 | /* The address needs to be modified according to NOR, NAND, SD and |
| 72 | * DDR memory map |
| 73 | */ |
Udit Agarwal | 6b29d23 | 2017-01-06 15:58:56 +0530 | [diff] [blame] | 74 | #ifdef CONFIG_FSL_LSCH3 |
Udit Agarwal | c83ea8a | 2017-08-16 07:13:29 -0400 | [diff] [blame] | 75 | #ifdef CONFIG_QSPI_BOOT |
| 76 | #define CONFIG_BS_ADDR_DEVICE 0x20600000 |
| 77 | #define CONFIG_BS_HDR_ADDR_DEVICE 0x20640000 |
| 78 | #else /* NOR BOOT */ |
Sumit Garg | 666bbd0 | 2017-08-16 07:13:28 -0400 | [diff] [blame] | 79 | #define CONFIG_BS_ADDR_DEVICE 0x580600000 |
| 80 | #define CONFIG_BS_HDR_ADDR_DEVICE 0x580640000 |
Udit Agarwal | c83ea8a | 2017-08-16 07:13:29 -0400 | [diff] [blame] | 81 | #endif /*ifdef CONFIG_QSPI_BOOT */ |
Sumit Garg | 4564283 | 2016-06-14 13:52:39 -0400 | [diff] [blame] | 82 | #define CONFIG_BS_SIZE 0x00001000 |
Sumit Garg | 666bbd0 | 2017-08-16 07:13:28 -0400 | [diff] [blame] | 83 | #define CONFIG_BS_HDR_SIZE 0x00004000 |
| 84 | #define CONFIG_BS_ADDR_RAM 0xa0600000 |
| 85 | #define CONFIG_BS_HDR_ADDR_RAM 0xa0640000 |
Saksham Jain | 503eab9 | 2016-03-23 16:24:37 +0530 | [diff] [blame] | 86 | #else |
Sumit Garg | 4564283 | 2016-06-14 13:52:39 -0400 | [diff] [blame] | 87 | #ifdef CONFIG_SD_BOOT |
| 88 | /* For SD boot address and size are assigned in terms of sector |
| 89 | * offset and no. of sectors respectively. |
| 90 | */ |
Sumit Garg | 666bbd0 | 2017-08-16 07:13:28 -0400 | [diff] [blame] | 91 | #define CONFIG_BS_ADDR_DEVICE 0x00003000 |
| 92 | #define CONFIG_BS_HDR_ADDR_DEVICE 0x00003200 |
Sumit Garg | 4564283 | 2016-06-14 13:52:39 -0400 | [diff] [blame] | 93 | #define CONFIG_BS_SIZE 0x00000008 |
Sumit Garg | 666bbd0 | 2017-08-16 07:13:28 -0400 | [diff] [blame] | 94 | #define CONFIG_BS_HDR_SIZE 0x00000010 |
Ruchika Gupta | ba68875 | 2017-04-17 18:07:18 +0530 | [diff] [blame] | 95 | #elif defined(CONFIG_NAND_BOOT) |
Sumit Garg | 666bbd0 | 2017-08-16 07:13:28 -0400 | [diff] [blame] | 96 | #define CONFIG_BS_ADDR_DEVICE 0x00600000 |
| 97 | #define CONFIG_BS_HDR_ADDR_DEVICE 0x00640000 |
| 98 | #define CONFIG_BS_SIZE 0x00001000 |
Vinitha Pillai-B57223 | 8a3c645 | 2017-03-23 13:48:16 +0530 | [diff] [blame] | 99 | #define CONFIG_BS_HDR_SIZE 0x00002000 |
Sumit Garg | 666bbd0 | 2017-08-16 07:13:28 -0400 | [diff] [blame] | 100 | #elif defined(CONFIG_QSPI_BOOT) |
| 101 | #define CONFIG_BS_ADDR_DEVICE 0x40600000 |
| 102 | #define CONFIG_BS_HDR_ADDR_DEVICE 0x40640000 |
Vinitha Pillai-B57223 | 8a3c645 | 2017-03-23 13:48:16 +0530 | [diff] [blame] | 103 | #define CONFIG_BS_SIZE 0x00001000 |
Sumit Garg | 4564283 | 2016-06-14 13:52:39 -0400 | [diff] [blame] | 104 | #define CONFIG_BS_HDR_SIZE 0x00002000 |
Sumit Garg | 666bbd0 | 2017-08-16 07:13:28 -0400 | [diff] [blame] | 105 | #else /* Default NOR Boot */ |
| 106 | #define CONFIG_BS_ADDR_DEVICE 0x60600000 |
| 107 | #define CONFIG_BS_HDR_ADDR_DEVICE 0x60640000 |
Sumit Garg | 4564283 | 2016-06-14 13:52:39 -0400 | [diff] [blame] | 108 | #define CONFIG_BS_SIZE 0x00001000 |
Sumit Garg | 666bbd0 | 2017-08-16 07:13:28 -0400 | [diff] [blame] | 109 | #define CONFIG_BS_HDR_SIZE 0x00002000 |
Vinitha Pillai-B57223 | 8a3c645 | 2017-03-23 13:48:16 +0530 | [diff] [blame] | 110 | #endif |
Sumit Garg | 666bbd0 | 2017-08-16 07:13:28 -0400 | [diff] [blame] | 111 | #define CONFIG_BS_ADDR_RAM 0x81000000 |
| 112 | #define CONFIG_BS_HDR_ADDR_RAM 0x81020000 |
Saksham Jain | 503eab9 | 2016-03-23 16:24:37 +0530 | [diff] [blame] | 113 | #endif |
| 114 | |
| 115 | #ifdef CONFIG_BOOTSCRIPT_COPY_RAM |
Saksham Jain | 503eab9 | 2016-03-23 16:24:37 +0530 | [diff] [blame] | 116 | #define CONFIG_BOOTSCRIPT_ADDR CONFIG_BS_ADDR_RAM |
Sumit Garg | 666bbd0 | 2017-08-16 07:13:28 -0400 | [diff] [blame] | 117 | #define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_RAM |
Saksham Jain | 506c2eb | 2016-03-23 16:24:36 +0530 | [diff] [blame] | 118 | #else |
Sumit Garg | 4564283 | 2016-06-14 13:52:39 -0400 | [diff] [blame] | 119 | #define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_DEVICE |
| 120 | /* BOOTSCRIPT_ADDR is not required */ |
Saksham Jain | 506c2eb | 2016-03-23 16:24:36 +0530 | [diff] [blame] | 121 | #endif |
gaurav rana | f79323c | 2015-03-10 14:08:50 +0530 | [diff] [blame] | 122 | |
Sumit Garg | e0f9e9b | 2016-09-01 12:56:44 -0400 | [diff] [blame] | 123 | #ifdef CONFIG_FSL_LS_PPA |
Sumit Garg | e0f9e9b | 2016-09-01 12:56:44 -0400 | [diff] [blame] | 124 | /* Define the key hash here if SRK used for signing PPA image is |
| 125 | * different from SRK hash put in SFP used for U-Boot. |
| 126 | * Example |
Vinitha Pillai-B57223 | a4b3ded | 2017-03-23 13:48:14 +0530 | [diff] [blame] | 127 | * #define PPA_KEY_HASH \ |
Sumit Garg | e0f9e9b | 2016-09-01 12:56:44 -0400 | [diff] [blame] | 128 | * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b" |
| 129 | */ |
Vinitha Pillai-B57223 | a4b3ded | 2017-03-23 13:48:14 +0530 | [diff] [blame] | 130 | #define PPA_KEY_HASH NULL |
Sumit Garg | e0f9e9b | 2016-09-01 12:56:44 -0400 | [diff] [blame] | 131 | #endif /* ifdef CONFIG_FSL_LS_PPA */ |
| 132 | |
Aneesh Bansal | 4310470 | 2016-01-22 16:37:24 +0530 | [diff] [blame] | 133 | #include <config_fsl_chain_trust.h> |
Sumit Garg | bdddd6e | 2016-06-14 13:52:38 -0400 | [diff] [blame] | 134 | #endif /* #ifndef CONFIG_SPL_BUILD */ |
Aneesh Bansal | 4310470 | 2016-01-22 16:37:24 +0530 | [diff] [blame] | 135 | #endif /* #ifdef CONFIG_CHAIN_OF_TRUST */ |
gaurav rana | f79323c | 2015-03-10 14:08:50 +0530 | [diff] [blame] | 136 | #endif |