Tom Rini | 10e4779 | 2018-05-06 17:58:06 -0400 | [diff] [blame] | 1 | /* SPDX-License-Identifier: GPL-2.0+ */ |
gaurav rana | f79323c | 2015-03-10 14:08:50 +0530 | [diff] [blame] | 2 | /* |
| 3 | * Copyright 2015 Freescale Semiconductor, Inc. |
gaurav rana | f79323c | 2015-03-10 14:08:50 +0530 | [diff] [blame] | 4 | */ |
| 5 | |
Aneesh Bansal | 4310470 | 2016-01-22 16:37:24 +0530 | [diff] [blame] | 6 | #ifndef __CONFIG_FSL_CHAIN_TRUST_H |
| 7 | #define __CONFIG_FSL_CHAIN_TRUST_H |
gaurav rana | f79323c | 2015-03-10 14:08:50 +0530 | [diff] [blame] | 8 | |
Simon Glass | fb64e36 | 2020-05-10 11:40:09 -0600 | [diff] [blame] | 9 | #include <linux/stringify.h> |
| 10 | |
Aneesh Bansal | 4310470 | 2016-01-22 16:37:24 +0530 | [diff] [blame] | 11 | #ifdef CONFIG_CHAIN_OF_TRUST |
| 12 | |
gaurav rana | f79323c | 2015-03-10 14:08:50 +0530 | [diff] [blame] | 13 | #ifndef CONFIG_EXTRA_ENV |
| 14 | #define CONFIG_EXTRA_ENV "" |
| 15 | #endif |
| 16 | |
| 17 | /* |
| 18 | * Control should not reach back to uboot after validation of images |
| 19 | * for secure boot flow and therefore bootscript should have |
| 20 | * the bootm command. If control reaches back to uboot anyhow |
| 21 | * after validating images, core should just spin. |
| 22 | */ |
| 23 | |
| 24 | /* |
| 25 | * Define the key hash for boot script here if public/private key pair used to |
| 26 | * sign bootscript are different from the SRK hash put in the fuse |
| 27 | * Example of defining KEY_HASH is |
| 28 | * #define CONFIG_BOOTSCRIPT_KEY_HASH \ |
| 29 | * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b" |
| 30 | */ |
| 31 | |
Sam Protsenko | bd7bffe | 2017-08-14 20:22:17 +0300 | [diff] [blame] | 32 | #ifdef CONFIG_USE_BOOTARGS |
Saksham Jain | 2548469 | 2016-03-23 16:24:43 +0530 | [diff] [blame] | 33 | #define CONFIG_SET_BOOTARGS "setenv bootargs \'" CONFIG_BOOTARGS" \';" |
| 34 | #else |
| 35 | #define CONFIG_SET_BOOTARGS "setenv bootargs \'root=/dev/ram " \ |
| 36 | "rw console=ttyS0,115200 ramdisk_size=600000\';" |
| 37 | #endif |
| 38 | |
| 39 | |
gaurav rana | f79323c | 2015-03-10 14:08:50 +0530 | [diff] [blame] | 40 | #ifdef CONFIG_BOOTSCRIPT_KEY_HASH |
| 41 | #define CONFIG_SECBOOT \ |
| 42 | "setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \ |
Saksham Jain | 2548469 | 2016-03-23 16:24:43 +0530 | [diff] [blame] | 43 | CONFIG_SET_BOOTARGS \ |
gaurav rana | f79323c | 2015-03-10 14:08:50 +0530 | [diff] [blame] | 44 | CONFIG_EXTRA_ENV \ |
| 45 | "esbc_validate $bs_hdraddr " \ |
| 46 | __stringify(CONFIG_BOOTSCRIPT_KEY_HASH)";" \ |
| 47 | "source $img_addr;" \ |
| 48 | "esbc_halt\0" |
| 49 | #else |
| 50 | #define CONFIG_SECBOOT \ |
| 51 | "setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \ |
Saksham Jain | 2548469 | 2016-03-23 16:24:43 +0530 | [diff] [blame] | 52 | CONFIG_SET_BOOTARGS \ |
gaurav rana | f79323c | 2015-03-10 14:08:50 +0530 | [diff] [blame] | 53 | CONFIG_EXTRA_ENV \ |
| 54 | "esbc_validate $bs_hdraddr;" \ |
| 55 | "source $img_addr;" \ |
| 56 | "esbc_halt\0" |
| 57 | #endif |
| 58 | |
Aneesh Bansal | b69061d | 2015-06-16 10:36:43 +0530 | [diff] [blame] | 59 | #ifdef CONFIG_BOOTSCRIPT_COPY_RAM |
| 60 | #define CONFIG_BS_COPY_ENV \ |
| 61 | "setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \ |
Sumit Garg | 4564283 | 2016-06-14 13:52:39 -0400 | [diff] [blame] | 62 | "setenv bs_hdr_device " __stringify(CONFIG_BS_HDR_ADDR_DEVICE)";" \ |
Aneesh Bansal | b69061d | 2015-06-16 10:36:43 +0530 | [diff] [blame] | 63 | "setenv bs_hdr_size " __stringify(CONFIG_BS_HDR_SIZE)";" \ |
| 64 | "setenv bs_ram " __stringify(CONFIG_BS_ADDR_RAM)";" \ |
Sumit Garg | 4564283 | 2016-06-14 13:52:39 -0400 | [diff] [blame] | 65 | "setenv bs_device " __stringify(CONFIG_BS_ADDR_DEVICE)";" \ |
Aneesh Bansal | b69061d | 2015-06-16 10:36:43 +0530 | [diff] [blame] | 66 | "setenv bs_size " __stringify(CONFIG_BS_SIZE)";" |
| 67 | |
Saksham Jain | 503eab9 | 2016-03-23 16:24:37 +0530 | [diff] [blame] | 68 | /* For secure boot flow, default environment used will be used */ |
Ruchika Gupta | ba68875 | 2017-04-17 18:07:18 +0530 | [diff] [blame] | 69 | #if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_NAND_BOOT) || \ |
| 70 | defined(CONFIG_SD_BOOT) |
| 71 | #if defined(CONFIG_RAMBOOT_NAND) || defined(CONFIG_NAND_BOOT) |
Aneesh Bansal | b69061d | 2015-06-16 10:36:43 +0530 | [diff] [blame] | 72 | #define CONFIG_BS_COPY_CMD \ |
Sumit Garg | 4564283 | 2016-06-14 13:52:39 -0400 | [diff] [blame] | 73 | "nand read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \ |
| 74 | "nand read $bs_ram $bs_device $bs_size ;" |
Sumit Garg | 4564283 | 2016-06-14 13:52:39 -0400 | [diff] [blame] | 75 | #elif defined(CONFIG_SD_BOOT) |
| 76 | #define CONFIG_BS_COPY_CMD \ |
| 77 | "mmc read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \ |
| 78 | "mmc read $bs_ram $bs_device $bs_size ;" |
Ruchika Gupta | ba68875 | 2017-04-17 18:07:18 +0530 | [diff] [blame] | 79 | #endif |
| 80 | #else |
Saksham Jain | 503eab9 | 2016-03-23 16:24:37 +0530 | [diff] [blame] | 81 | #define CONFIG_BS_COPY_CMD \ |
Sumit Garg | 4564283 | 2016-06-14 13:52:39 -0400 | [diff] [blame] | 82 | "cp.b $bs_hdr_device $bs_hdr_ram $bs_hdr_size ;" \ |
| 83 | "cp.b $bs_device $bs_ram $bs_size ;" |
gaurav rana | f79323c | 2015-03-10 14:08:50 +0530 | [diff] [blame] | 84 | #endif |
Saksham Jain | 503eab9 | 2016-03-23 16:24:37 +0530 | [diff] [blame] | 85 | #endif /* CONFIG_BOOTSCRIPT_COPY_RAM */ |
gaurav rana | f79323c | 2015-03-10 14:08:50 +0530 | [diff] [blame] | 86 | |
Aneesh Bansal | b69061d | 2015-06-16 10:36:43 +0530 | [diff] [blame] | 87 | #ifndef CONFIG_BS_COPY_ENV |
| 88 | #define CONFIG_BS_COPY_ENV |
| 89 | #endif |
| 90 | |
| 91 | #ifndef CONFIG_BS_COPY_CMD |
| 92 | #define CONFIG_BS_COPY_CMD |
| 93 | #endif |
| 94 | |
Aneesh Bansal | 4310470 | 2016-01-22 16:37:24 +0530 | [diff] [blame] | 95 | #define CONFIG_CHAIN_BOOT_CMD CONFIG_BS_COPY_ENV \ |
Aneesh Bansal | b69061d | 2015-06-16 10:36:43 +0530 | [diff] [blame] | 96 | CONFIG_BS_COPY_CMD \ |
| 97 | CONFIG_SECBOOT |
gaurav rana | f79323c | 2015-03-10 14:08:50 +0530 | [diff] [blame] | 98 | |
| 99 | #endif |
| 100 | #endif |