mirror of
https://github.com/AsahiLinux/u-boot
synced 2025-02-18 06:58:54 +00:00
SECURE BOOT: Add fall back option
Add fall back option, to boot from NOR/QSPI/SD for LS1043, LS1046, LS1021 in case of distro boot failure. For LS1046, add kernel validation in case of secure boot in sd_bootcmd and qspi_bootcmd. For LS1043 and LS1021, add kernel validation in case of secure boot in sd_bootcmd, qspi_bootcmdand nor_bootcmd. Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
This commit is contained in:
Vinitha Pillai-B57223
York Sun
parent
003c99de10
commit
9b457cc6d1
4 changed files with 61 additions and 23 deletions
|
|
@ -420,16 +420,22 @@
|
|||
"initrd_high=0xffffffff\0" \
|
||||
"fdt_high=0xffffffff\0" \
|
||||
"fdt_addr=0x64f00000\0" \
|
||||
"kernel_addr=0x65000000\0" \
|
||||
"kernel_addr=0x61000000\0" \
|
||||
"kernelheader_addr=0x60800000\0" \
|
||||
"scriptaddr=0x80000000\0" \
|
||||
"scripthdraddr=0x80080000\0" \
|
||||
"fdtheader_addr_r=0x80100000\0" \
|
||||
"kernelheader_addr_r=0x80200000\0" \
|
||||
"kernel_addr_r=0x81000000\0" \
|
||||
"kernelheader_size=0x40000\0" \
|
||||
"fdt_addr_r=0x90000000\0" \
|
||||
"ramdisk_addr_r=0xa0000000\0" \
|
||||
"load_addr=0xa0000000\0" \
|
||||
"kernel_size=0x2800000\0" \
|
||||
"kernel_addr_sd=0x8000\0" \
|
||||
"kernel_size_sd=0x14000\0" \
|
||||
"kernelhdr_addr_sd=0x4000\0" \
|
||||
"kernelhdr_size_sd=0x10\0" \
|
||||
BOOTENV \
|
||||
"boot_scripts=ls1021atwr_boot.scr\0" \
|
||||
"boot_script_hdr=hdr_ls1021atwr_bs.out\0" \
|
||||
|
|
@ -460,26 +466,35 @@
|
|||
"source ${scriptaddr}\0" \
|
||||
"qspi_bootcmd=echo Trying load from qspi..;" \
|
||||
"sf probe && sf read $load_addr " \
|
||||
"$kernel_addr $kernel_size && bootm $load_addr#$board\0" \
|
||||
"$kernel_addr $kernel_size; env exists secureboot " \
|
||||
"&& sf read $kernelheader_addr_r $kernelheader_addr " \
|
||||
"$kernelheader_size && esbc_validate ${kernelheader_addr_r}; " \
|
||||
"bootm $load_addr#$board\0" \
|
||||
"nor_bootcmd=echo Trying load from nor..;" \
|
||||
"cp.b $kernel_addr $load_addr " \
|
||||
"$kernel_size && bootm $load_addr#$board\0" \
|
||||
"$kernel_size; env exists secureboot " \
|
||||
"&& cp.b $kernelheader_addr $kernelheader_addr_r " \
|
||||
"$kernelheader_size && esbc_validate ${kernelheader_addr_r}; " \
|
||||
"bootm $load_addr#$board\0" \
|
||||
"sd_bootcmd=echo Trying load from SD ..;" \
|
||||
"mmcinfo && mmc read $load_addr " \
|
||||
"$kernel_addr_sd $kernel_size_sd && " \
|
||||
"env exists secureboot && mmc read $kernelheader_addr_r " \
|
||||
"$kernelhdr_addr_sd $kernelhdr_size_sd " \
|
||||
" && esbc_validate ${kernelheader_addr_r};" \
|
||||
"bootm $load_addr#$board\0"
|
||||
#endif
|
||||
|
||||
#undef CONFIG_BOOTCOMMAND
|
||||
#if defined(CONFIG_QSPI_BOOT) || defined(CONFIG_SD_BOOT_QSPI)
|
||||
#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" \
|
||||
"&& esbc_halt; run qspi_bootcmd;"
|
||||
#define CONFIG_BOOTCOMMAND "run distro_bootcmd; run qspi_bootcmd" \
|
||||
"env exists secureboot && esbc_halt"
|
||||
#elif defined(CONFIG_SD_BOOT)
|
||||
#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" \
|
||||
"&& esbc_halt; run sd_bootcmd;"
|
||||
#define CONFIG_BOOTCOMMAND "run distro_bootcmd; run sd_bootcmd; " \
|
||||
"env exists secureboot && esbc_halt;"
|
||||
#else
|
||||
#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" \
|
||||
"&& esbc_halt; run nor_bootcmd;"
|
||||
#define CONFIG_BOOTCOMMAND "run distro_bootcmd; run nor_bootcmd;" \
|
||||
"env exists secureboot && esbc_halt;"
|
||||
#endif
|
||||
|
||||
/*
|
||||
|
|
|
|||
|
|
@ -252,7 +252,7 @@
|
|||
"fdt_high=0xffffffffffffffff\0" \
|
||||
"initrd_high=0xffffffffffffffff\0" \
|
||||
"fdt_addr=0x64f00000\0" \
|
||||
"kernel_addr=0x65000000\0" \
|
||||
"kernel_addr=0x61000000\0" \
|
||||
"scriptaddr=0x80000000\0" \
|
||||
"scripthdraddr=0x80080000\0" \
|
||||
"fdtheader_addr_r=0x80100000\0" \
|
||||
|
|
@ -260,9 +260,13 @@
|
|||
"kernel_addr_r=0x81000000\0" \
|
||||
"fdt_addr_r=0x90000000\0" \
|
||||
"load_addr=0xa0000000\0" \
|
||||
"kernelheader_addr=0x60800000\0" \
|
||||
"kernel_size=0x2800000\0" \
|
||||
"kernelheader_size=0x40000\0" \
|
||||
"kernel_addr_sd=0x8000\0" \
|
||||
"kernel_size_sd=0x14000\0" \
|
||||
"kernelhdr_addr_sd=0x4000\0" \
|
||||
"kernelhdr_size_sd=0x10\0" \
|
||||
"console=ttyS0,115200\0" \
|
||||
"boot_os=y\0" \
|
||||
"mtdparts=" CONFIG_MTDPARTS_DEFAULT "\0" \
|
||||
|
|
@ -295,26 +299,35 @@
|
|||
"source ${scriptaddr}\0" \
|
||||
"qspi_bootcmd=echo Trying load from qspi..;" \
|
||||
"sf probe && sf read $load_addr " \
|
||||
"$kernel_addr $kernel_size && bootm $load_addr#$board\0" \
|
||||
"$kernel_addr $kernel_size; env exists secureboot " \
|
||||
"&& sf read $kernelheader_addr_r $kernelheader_addr " \
|
||||
"$kernelheader_size && esbc_validate ${kernelheader_addr_r}; " \
|
||||
"bootm $load_addr#$board\0" \
|
||||
"nor_bootcmd=echo Trying load from nor..;" \
|
||||
"cp.b $kernel_addr $load_addr " \
|
||||
"$kernel_size && bootm $load_addr#$board\0" \
|
||||
"$kernel_size; env exists secureboot " \
|
||||
"&& cp.b $kernelheader_addr $kernelheader_addr_r " \
|
||||
"$kernelheader_size && esbc_validate ${kernelheader_addr_r}; " \
|
||||
"bootm $load_addr#$board\0" \
|
||||
"sd_bootcmd=echo Trying load from SD ..;" \
|
||||
"mmcinfo; mmc read $load_addr " \
|
||||
"$kernel_addr_sd $kernel_size_sd && " \
|
||||
"env exists secureboot && mmc read $kernelheader_addr_r " \
|
||||
"$kernelhdr_addr_sd $kernelhdr_size_sd " \
|
||||
" && esbc_validate ${kernelheader_addr_r};" \
|
||||
"bootm $load_addr#$board\0"
|
||||
|
||||
|
||||
#undef CONFIG_BOOTCOMMAND
|
||||
#if defined(CONFIG_QSPI_BOOT) || defined(CONFIG_SD_BOOT_QSPI)
|
||||
#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" \
|
||||
"&& esbc_halt; run qspi_bootcmd;"
|
||||
#define CONFIG_BOOTCOMMAND "run distro_bootcmd; run qspi_bootcmd; " \
|
||||
"env exists secureboot && esbc_halt;"
|
||||
#elif defined(CONFIG_SD_BOOT)
|
||||
#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" \
|
||||
"&& esbc_halt; run sd_bootcmd;"
|
||||
#define CONFIG_BOOTCOMMAND "run distro_bootcmd; run sd_bootcmd; " \
|
||||
"env exists secureboot && esbc_halt;"
|
||||
#else
|
||||
#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" \
|
||||
"&& esbc_halt; run nor_bootcmd;"
|
||||
#define CONFIG_BOOTCOMMAND "run distro_bootcmd; run nor_bootcmd; " \
|
||||
"env exists secureboot && esbc_halt;"
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
|
|
|||
|
|
@ -225,10 +225,14 @@
|
|||
"fdt_addr_r=0x90000000\0" \
|
||||
"ramdisk_addr_r=0xa0000000\0" \
|
||||
"kernel_start=0x1000000\0" \
|
||||
"kernelheader_start=0x800000\0" \
|
||||
"kernel_load=0xa0000000\0" \
|
||||
"kernel_size=0x2800000\0" \
|
||||
"kernelheader_size=0x40000\0" \
|
||||
"kernel_addr_sd=0x8000\0" \
|
||||
"kernel_size_sd=0x14000\0" \
|
||||
"kernelhdr_addr_sd=0x4000\0" \
|
||||
"kernelhdr_size_sd=0x10\0" \
|
||||
"console=ttyS0,115200\0" \
|
||||
CONFIG_MTDPARTS_DEFAULT "\0" \
|
||||
BOOTENV \
|
||||
|
|
@ -261,10 +265,16 @@
|
|||
"source ${scriptaddr}\0" \
|
||||
"qspi_bootcmd=echo Trying load from qspi..;" \
|
||||
"sf probe && sf read $load_addr " \
|
||||
"$kernel_start $kernel_size && bootm $load_addr#$board\0" \
|
||||
"$kernel_start $kernel_size; env exists secureboot " \
|
||||
"&& sf read $kernelheader_addr_r $kernelheader_start " \
|
||||
"$kernelheader_size && esbc_validate ${kernelheader_addr_r}; " \
|
||||
"bootm $load_addr#$board\0" \
|
||||
"sd_bootcmd=echo Trying load from SD ..;" \
|
||||
"mmcinfo; mmc read $load_addr " \
|
||||
"$kernel_addr_sd $kernel_size_sd && " \
|
||||
"env exists secureboot && mmc read $kernelheader_addr_r " \
|
||||
"$kernelhdr_addr_sd $kernelhdr_size_sd " \
|
||||
" && esbc_validate ${kernelheader_addr_r};" \
|
||||
"bootm $load_addr#$board\0"
|
||||
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -226,11 +226,11 @@
|
|||
#ifndef SPL_NO_MISC
|
||||
#undef CONFIG_BOOTCOMMAND
|
||||
#if defined(CONFIG_QSPI_BOOT)
|
||||
#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" \
|
||||
"&& esbc_halt; run qspi_bootcmd;"
|
||||
#define CONFIG_BOOTCOMMAND "run distro_bootcmd; run qspi_bootcmd; " \
|
||||
"env exists secureboot && esbc_halt;;"
|
||||
#elif defined(CONFIG_SD_BOOT)
|
||||
#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" \
|
||||
"&& esbc_halt; run sd_bootcmd;"
|
||||
#define CONFIG_BOOTCOMMAND "run distro_bootcmd;run sd_bootcmd; " \
|
||||
"env exists secureboot && esbc_halt;"
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue