blob: 4f522dbeccb2208b12d63640a5c9e2fe9a802847 [file] [log] [blame]
Tom Rini10e47792018-05-06 17:58:06 -04001/* SPDX-License-Identifier: GPL-2.0+ */
gaurav ranaf79323c2015-03-10 14:08:50 +05302/*
3 * Copyright 2015 Freescale Semiconductor, Inc.
gaurav ranaf79323c2015-03-10 14:08:50 +05304 */
5
Aneesh Bansal43104702016-01-22 16:37:24 +05306#ifndef __CONFIG_FSL_CHAIN_TRUST_H
7#define __CONFIG_FSL_CHAIN_TRUST_H
gaurav ranaf79323c2015-03-10 14:08:50 +05308
Aneesh Bansal43104702016-01-22 16:37:24 +05309#ifdef CONFIG_CHAIN_OF_TRUST
10
gaurav ranaf79323c2015-03-10 14:08:50 +053011#ifndef CONFIG_EXTRA_ENV
12#define CONFIG_EXTRA_ENV ""
13#endif
14
15/*
16 * Control should not reach back to uboot after validation of images
17 * for secure boot flow and therefore bootscript should have
18 * the bootm command. If control reaches back to uboot anyhow
19 * after validating images, core should just spin.
20 */
21
22/*
23 * Define the key hash for boot script here if public/private key pair used to
24 * sign bootscript are different from the SRK hash put in the fuse
25 * Example of defining KEY_HASH is
26 * #define CONFIG_BOOTSCRIPT_KEY_HASH \
27 * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
28 */
29
Sam Protsenkobd7bffe2017-08-14 20:22:17 +030030#ifdef CONFIG_USE_BOOTARGS
Saksham Jain25484692016-03-23 16:24:43 +053031#define CONFIG_SET_BOOTARGS "setenv bootargs \'" CONFIG_BOOTARGS" \';"
32#else
33#define CONFIG_SET_BOOTARGS "setenv bootargs \'root=/dev/ram " \
34 "rw console=ttyS0,115200 ramdisk_size=600000\';"
35#endif
36
37
gaurav ranaf79323c2015-03-10 14:08:50 +053038#ifdef CONFIG_BOOTSCRIPT_KEY_HASH
39#define CONFIG_SECBOOT \
40 "setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
Saksham Jain25484692016-03-23 16:24:43 +053041 CONFIG_SET_BOOTARGS \
gaurav ranaf79323c2015-03-10 14:08:50 +053042 CONFIG_EXTRA_ENV \
43 "esbc_validate $bs_hdraddr " \
44 __stringify(CONFIG_BOOTSCRIPT_KEY_HASH)";" \
45 "source $img_addr;" \
46 "esbc_halt\0"
47#else
48#define CONFIG_SECBOOT \
49 "setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
Saksham Jain25484692016-03-23 16:24:43 +053050 CONFIG_SET_BOOTARGS \
gaurav ranaf79323c2015-03-10 14:08:50 +053051 CONFIG_EXTRA_ENV \
52 "esbc_validate $bs_hdraddr;" \
53 "source $img_addr;" \
54 "esbc_halt\0"
55#endif
56
Aneesh Bansalb69061d2015-06-16 10:36:43 +053057#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
58#define CONFIG_BS_COPY_ENV \
59 "setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \
Sumit Garg45642832016-06-14 13:52:39 -040060 "setenv bs_hdr_device " __stringify(CONFIG_BS_HDR_ADDR_DEVICE)";" \
Aneesh Bansalb69061d2015-06-16 10:36:43 +053061 "setenv bs_hdr_size " __stringify(CONFIG_BS_HDR_SIZE)";" \
62 "setenv bs_ram " __stringify(CONFIG_BS_ADDR_RAM)";" \
Sumit Garg45642832016-06-14 13:52:39 -040063 "setenv bs_device " __stringify(CONFIG_BS_ADDR_DEVICE)";" \
Aneesh Bansalb69061d2015-06-16 10:36:43 +053064 "setenv bs_size " __stringify(CONFIG_BS_SIZE)";"
65
Saksham Jain503eab92016-03-23 16:24:37 +053066/* For secure boot flow, default environment used will be used */
Ruchika Guptaba688752017-04-17 18:07:18 +053067#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_NAND_BOOT) || \
68 defined(CONFIG_SD_BOOT)
69#if defined(CONFIG_RAMBOOT_NAND) || defined(CONFIG_NAND_BOOT)
Aneesh Bansalb69061d2015-06-16 10:36:43 +053070#define CONFIG_BS_COPY_CMD \
Sumit Garg45642832016-06-14 13:52:39 -040071 "nand read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
72 "nand read $bs_ram $bs_device $bs_size ;"
Sumit Garg45642832016-06-14 13:52:39 -040073#elif defined(CONFIG_SD_BOOT)
74#define CONFIG_BS_COPY_CMD \
75 "mmc read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
76 "mmc read $bs_ram $bs_device $bs_size ;"
Ruchika Guptaba688752017-04-17 18:07:18 +053077#endif
78#else
Saksham Jain503eab92016-03-23 16:24:37 +053079#define CONFIG_BS_COPY_CMD \
Sumit Garg45642832016-06-14 13:52:39 -040080 "cp.b $bs_hdr_device $bs_hdr_ram $bs_hdr_size ;" \
81 "cp.b $bs_device $bs_ram $bs_size ;"
gaurav ranaf79323c2015-03-10 14:08:50 +053082#endif
Saksham Jain503eab92016-03-23 16:24:37 +053083#endif /* CONFIG_BOOTSCRIPT_COPY_RAM */
gaurav ranaf79323c2015-03-10 14:08:50 +053084
Aneesh Bansalb69061d2015-06-16 10:36:43 +053085#ifndef CONFIG_BS_COPY_ENV
86#define CONFIG_BS_COPY_ENV
87#endif
88
89#ifndef CONFIG_BS_COPY_CMD
90#define CONFIG_BS_COPY_CMD
91#endif
92
Aneesh Bansal43104702016-01-22 16:37:24 +053093#define CONFIG_CHAIN_BOOT_CMD CONFIG_BS_COPY_ENV \
Aneesh Bansalb69061d2015-06-16 10:36:43 +053094 CONFIG_BS_COPY_CMD \
95 CONFIG_SECBOOT
gaurav ranaf79323c2015-03-10 14:08:50 +053096
97#endif
98#endif