fsl_validate: Migrate SPL_UBOOT_KEY_HASH to Kconfig

Move setting of SPL_UBOOT_KEY_HASH to a non-NULL value to Kconfig. As part of this, change fsl_secboot_validate(...) to check that it is passed a non-empty string, rather than non-NULL. Cc: Peng Fan <peng.fan@nxp.com> Cc: Priyanka Jain <priyanka.jain@nxp.com> Cc: Kshitiz Varshney <kshitiz.varshney@nxp.com> Signed-off-by: Tom Rini <trini@konsulko.com>
2024-11-24 21:54:01 +00:00 · 2022-06-17 16:24:32 -04:00 · 2022-06-17 16:24:32 -04:00 · 5aad0a14ba
commit 5aad0a14ba
parent 540b73a7be
4 changed files with 12 additions and 24 deletions
--- a/arch/Kconfig.nxp
+++ b/arch/Kconfig.nxp
@ -64,6 +64,17 @@ config SYS_FSL_SFP_VER_3_4

 endchoice

+config SPL_UBOOT_KEY_HASH
+	string "Non-SRK key hash for U-Boot public/private key pair"
+	depends on SPL
+	default ""
+	help
+	  Set the key hash for U-Boot here if public/private key pair used to
+	  sign U-boot are different from the SRK hash put in the fuse.  Example
+	  of a key hash is
+	  41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b.
+	  Otherwise leave this empty.
+
 config SYS_FSL_SRK_LE
 	def_bool y
 	depends on ARM
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@ -8,19 +8,6 @@
 #define __FSL_SECURE_BOOT_H

 #ifdef CONFIG_CHAIN_OF_TRUST
-#ifdef CONFIG_SPL_BUILD
-/*
- * Define the key hash for U-Boot here if public/private key pair used to
- * sign U-boot are different from the SRK hash put in the fuse
- * Example of defining KEY_HASH is
- * #define CONFIG_SPL_UBOOT_KEY_HASH \
- *      "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
- * else leave it defined as NULL
- */
-
-#define CONFIG_SPL_UBOOT_KEY_HASH	NULL
-#endif /* ifdef CONFIG_SPL_BUILD */
-
 #ifndef CONFIG_SPL_BUILD
 #ifndef CONFIG_SYS_RAMBOOT
 /* The key used for verification of next level images
--- a/arch/powerpc/include/asm/fsl_secure_boot.h
+++ b/arch/powerpc/include/asm/fsl_secure_boot.h
@ -75,16 +75,6 @@
 #define CONFIG_SPL_SPAACT_ADDR		0x2f000000
 #define CONFIG_SPL_JR0_LIODN_S		454
 #define CONFIG_SPL_JR0_LIODN_NS		458
-/*
- * Define the key hash for U-Boot here if public/private key pair used to
- * sign U-boot are different from the SRK hash put in the fuse
- * Example of defining KEY_HASH is
- * #define CONFIG_SPL_UBOOT_KEY_HASH \
- *      "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
- * else leave it defined as NULL
- */
-
-#define CONFIG_SPL_UBOOT_KEY_HASH	NULL
 #endif /* ifdef CONFIG_SPL_BUILD */

 #ifndef CONFIG_SPL_BUILD
--- a/board/freescale/common/fsl_validate.c
+++ b/board/freescale/common/fsl_validate.c
@ -871,7 +871,7 @@ int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
 	int ret, i, hash_cmd = 0;
 	u32 srk_hash[8];

-	if (arg_hash_str != NULL) {
+	if (strlen(arg_hash_str) != 0) {
 		const char *cp = arg_hash_str;
 		int i = 0;