blob: fc6788a7a614aced44fc38f7a937832ccb517533 [file] [log] [blame]
gaurav ranaf79323c2015-03-10 14:08:50 +05301/*
2 * Copyright 2015 Freescale Semiconductor, Inc.
3 *
4 * SPDX-License-Identifier: GPL-2.0+
5 */
6
7#ifndef __CONFIG_FSL_SECBOOT_H
8#define __CONFIG_FSL_SECBOOT_H
9
10#ifdef CONFIG_SECURE_BOOT
11
12#ifndef CONFIG_CMD_ESBC_VALIDATE
13#define CONFIG_CMD_ESBC_VALIDATE
14#endif
15
16#ifndef CONFIG_EXTRA_ENV
17#define CONFIG_EXTRA_ENV ""
18#endif
19
20/*
21 * Control should not reach back to uboot after validation of images
22 * for secure boot flow and therefore bootscript should have
23 * the bootm command. If control reaches back to uboot anyhow
24 * after validating images, core should just spin.
25 */
26
27/*
28 * Define the key hash for boot script here if public/private key pair used to
29 * sign bootscript are different from the SRK hash put in the fuse
30 * Example of defining KEY_HASH is
31 * #define CONFIG_BOOTSCRIPT_KEY_HASH \
32 * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
33 */
34
35#ifdef CONFIG_BOOTSCRIPT_KEY_HASH
36#define CONFIG_SECBOOT \
37 "setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
38 "setenv bootargs \'root=/dev/ram rw console=ttyS0,115200 " \
39 "ramdisk_size=600000\';" \
40 CONFIG_EXTRA_ENV \
41 "esbc_validate $bs_hdraddr " \
42 __stringify(CONFIG_BOOTSCRIPT_KEY_HASH)";" \
43 "source $img_addr;" \
44 "esbc_halt\0"
45#else
46#define CONFIG_SECBOOT \
47 "setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
48 "setenv bootargs \'root=/dev/ram rw console=ttyS0,115200 " \
49 "ramdisk_size=600000\';" \
50 CONFIG_EXTRA_ENV \
51 "esbc_validate $bs_hdraddr;" \
52 "source $img_addr;" \
53 "esbc_halt\0"
54#endif
55
56/* For secure boot flow, default environment used will be used */
57#if defined(CONFIG_SYS_RAMBOOT)
Aneesh Bansalb69061d2015-06-16 10:36:43 +053058#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
59#define CONFIG_BS_COPY_ENV \
60 "setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \
61 "setenv bs_hdr_flash " __stringify(CONFIG_BS_HDR_ADDR_FLASH)";" \
62 "setenv bs_hdr_size " __stringify(CONFIG_BS_HDR_SIZE)";" \
63 "setenv bs_ram " __stringify(CONFIG_BS_ADDR_RAM)";" \
64 "setenv bs_flash " __stringify(CONFIG_BS_ADDR_FLASH)";" \
65 "setenv bs_size " __stringify(CONFIG_BS_SIZE)";"
66
67#if defined(CONFIG_RAMBOOT_NAND)
68#define CONFIG_BS_COPY_CMD \
69 "nand read $bs_hdr_ram $bs_hdr_flash $bs_hdr_size ;" \
70 "nand read $bs_ram $bs_flash $bs_size ;"
71#endif /* CONFIG_RAMBOOT_NAND */
72#endif /* CONFIG_BOOTSCRIPT_COPY_RAM */
73
gaurav ranaf79323c2015-03-10 14:08:50 +053074#if defined(CONFIG_RAMBOOT_SPIFLASH)
75#undef CONFIG_ENV_IS_IN_SPI_FLASH
76#elif defined(CONFIG_RAMBOOT_NAND)
77#undef CONFIG_ENV_IS_IN_NAND
78#elif defined(CONFIG_RAMBOOT_SDCARD)
79#undef CONFIG_ENV_IS_IN_MMC
80#endif
81#else /*CONFIG_SYS_RAMBOOT*/
82#undef CONFIG_ENV_IS_IN_FLASH
83#endif
84
85#define CONFIG_ENV_IS_NOWHERE
86
Aneesh Bansalb69061d2015-06-16 10:36:43 +053087#ifndef CONFIG_BS_COPY_ENV
88#define CONFIG_BS_COPY_ENV
89#endif
90
91#ifndef CONFIG_BS_COPY_CMD
92#define CONFIG_BS_COPY_CMD
93#endif
94
95#define CONFIG_SECBOOT_CMD CONFIG_BS_COPY_ENV \
96 CONFIG_BS_COPY_CMD \
97 CONFIG_SECBOOT
gaurav ranaf79323c2015-03-10 14:08:50 +053098/*
99 * We don't want boot delay for secure boot flow
100 * before autoboot starts
101 */
102#undef CONFIG_BOOTDELAY
103#define CONFIG_BOOTDELAY 0
104#undef CONFIG_BOOTCOMMAND
Aneesh Bansalb69061d2015-06-16 10:36:43 +0530105#define CONFIG_BOOTCOMMAND CONFIG_SECBOOT_CMD
gaurav ranaf79323c2015-03-10 14:08:50 +0530106
107/*
108 * CONFIG_ZERO_BOOTDELAY_CHECK should not be defined for
109 * secure boot flow as defining this would enable a user to
110 * reach uboot prompt by pressing some key before start of
111 * autoboot
112 */
113#undef CONFIG_ZERO_BOOTDELAY_CHECK
114
115#endif
116#endif