secure_boot: enable chain of trust for PowerPC platforms

Chain of Trust is enabled for PowerPC platforms for Secure Boot.
CONFIG_BOARD_LATE_INIT is defined.
In board_late_init(), fsl_setenv_chain_of_trust() is called which
will perform the following:
- If boot mode is non-secure, return (No Change)
- If boot mode is secure, set the following environmet variables:
   bootdelay = 0 (To disable Boot Prompt)
   bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script)

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
This commit is contained in:
Aneesh Bansal 2016-01-22 16:37:27 +05:30 committed by York Sun
parent d041288586
commit d0a6d7ce55
2 changed files with 21 additions and 0 deletions

View file

@ -27,6 +27,9 @@
#include <hwconfig.h>
#include <linux/compiler.h>
#include "mp.h"
#ifdef CONFIG_CHAIN_OF_TRUST
#include <fsl_validate.h>
#endif
#ifdef CONFIG_FSL_CAAM
#include <fsl_sec.h>
#endif
@ -1009,3 +1012,14 @@ void cpu_secondary_init_r(void)
qe_reset();
#endif
}
#ifdef CONFIG_BOARD_LATE_INIT
int board_late_init(void)
{
#ifdef CONFIG_CHAIN_OF_TRUST
fsl_setenv_chain_of_trust();
#endif
return 0;
}
#endif

View file

@ -87,6 +87,13 @@
#define CONFIG_FSL_CAAM
#endif
/* fsl_setenv_chain_of_trust() must be called from
* board_late_init()
*/
#ifndef CONFIG_BOARD_LATE_INIT
#define CONFIG_BOARD_LATE_INIT
#endif
/* If Boot Script is not on NOR and is required to be copied on RAM */
#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
#define CONFIG_BS_HDR_ADDR_RAM 0x00010000