mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-11-10 15:14:43 +00:00
powerpc: Clean up CHAIN_OF_TRUST related options
As things stand currently, there is only one PowerPC platform that enables the options for CHAIN_OF_TRUST. From the board header files, remove a number of never-set options. Remove board specific values from arch/powerpc/include/asm/fsl_secure_boot.h as well. Rework include/config_fsl_chain_trust.h to not abuse the CONFIG namespace for constructing CHAIN_BOOT_CMD. Migrate all of the configurable addresses to Kconfig. If any platforms are re-introduced with secure boot support, everything required should still be here, but now in Kconfig, or requires migration of an option to Kconfig. Cc: Peng Fan <peng.fan@nxp.com> Signed-off-by: Tom Rini <trini@konsulko.com>
This commit is contained in:
parent
52aaa1840d
commit
f4cd75e96a
8 changed files with 66 additions and 89 deletions
|
@ -75,6 +75,46 @@ config SPL_UBOOT_KEY_HASH
|
||||||
41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b.
|
41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b.
|
||||||
Otherwise leave this empty.
|
Otherwise leave this empty.
|
||||||
|
|
||||||
|
if PPC
|
||||||
|
|
||||||
|
config BOOTSCRIPT_COPY_RAM
|
||||||
|
bool "Secure boot copies boot script to RAM"
|
||||||
|
help
|
||||||
|
On systems that support chain of trust booting, a number of addresses
|
||||||
|
are required to set variables that are used in the copying and then
|
||||||
|
verification of different parts of the system. If enabled, the subsequent
|
||||||
|
options are for what location to use in each step.
|
||||||
|
|
||||||
|
config BS_ADDR_DEVICE
|
||||||
|
hex "Address in RAM for bs_device"
|
||||||
|
depends on BOOTSCRIPT_COPY_RAM
|
||||||
|
|
||||||
|
config BS_SIZE
|
||||||
|
hex "The size of bs_size which is the amount read from bs_device"
|
||||||
|
depends on BOOTSCRIPT_COPY_RAM
|
||||||
|
|
||||||
|
config BS_ADDR_RAM
|
||||||
|
hex "Address in RAM for bs_ram"
|
||||||
|
depends on BOOTSCRIPT_COPY_RAM
|
||||||
|
|
||||||
|
config BS_HDR_ADDR_DEVICE
|
||||||
|
hex "Address in RAM for bs_hdr_device"
|
||||||
|
depends on BOOTSCRIPT_COPY_RAM
|
||||||
|
|
||||||
|
config BS_HDR_SIZE
|
||||||
|
hex "The size of bs_hdr_size which is the amount read from bs_hdr_device"
|
||||||
|
depends on BOOTSCRIPT_COPY_RAM
|
||||||
|
|
||||||
|
config BS_HDR_ADDR_RAM
|
||||||
|
hex "Address in RAM for bs_hdr_ram"
|
||||||
|
depends on BOOTSCRIPT_COPY_RAM
|
||||||
|
|
||||||
|
config BOOTSCRIPT_HDR_ADDR
|
||||||
|
hex "CONFIG_BOOTSCRIPT_HDR_ADDR"
|
||||||
|
default BS_ADDR_RAM if BOOTSCRIPT_COPY_RAM
|
||||||
|
|
||||||
|
endif
|
||||||
|
|
||||||
config SYS_FSL_SRK_LE
|
config SYS_FSL_SRK_LE
|
||||||
def_bool y
|
def_bool y
|
||||||
depends on ARM
|
depends on ARM
|
||||||
|
|
|
@ -10,19 +10,12 @@
|
||||||
#ifdef CONFIG_NXP_ESBC
|
#ifdef CONFIG_NXP_ESBC
|
||||||
#if defined(CONFIG_FSL_CORENET)
|
#if defined(CONFIG_FSL_CORENET)
|
||||||
#define CONFIG_SYS_PBI_FLASH_BASE 0xc0000000
|
#define CONFIG_SYS_PBI_FLASH_BASE 0xc0000000
|
||||||
#elif defined(CONFIG_TARGET_BSC9132QDS)
|
|
||||||
#define CONFIG_SYS_PBI_FLASH_BASE 0xc8000000
|
|
||||||
#elif defined(CONFIG_TARGET_C29XPCIE)
|
|
||||||
#define CONFIG_SYS_PBI_FLASH_BASE 0xcc000000
|
|
||||||
#else
|
#else
|
||||||
#define CONFIG_SYS_PBI_FLASH_BASE 0xce000000
|
#define CONFIG_SYS_PBI_FLASH_BASE 0xce000000
|
||||||
#endif
|
#endif
|
||||||
#define CONFIG_SYS_PBI_FLASH_WINDOW 0xcff80000
|
#define CONFIG_SYS_PBI_FLASH_WINDOW 0xcff80000
|
||||||
|
|
||||||
#if defined(CONFIG_TARGET_B4860QDS) || \
|
#if defined(CONFIG_TARGET_T2080QDS) || \
|
||||||
defined(CONFIG_TARGET_B4420QDS) || \
|
|
||||||
defined(CONFIG_TARGET_T4240QDS) || \
|
|
||||||
defined(CONFIG_TARGET_T2080QDS) || \
|
|
||||||
defined(CONFIG_TARGET_T2080RDB) || \
|
defined(CONFIG_TARGET_T2080RDB) || \
|
||||||
defined(CONFIG_TARGET_T1042RDB) || \
|
defined(CONFIG_TARGET_T1042RDB) || \
|
||||||
defined(CONFIG_TARGET_T1042D4RDB) || \
|
defined(CONFIG_TARGET_T1042D4RDB) || \
|
||||||
|
@ -78,40 +71,6 @@
|
||||||
#endif /* ifdef CONFIG_SPL_BUILD */
|
#endif /* ifdef CONFIG_SPL_BUILD */
|
||||||
|
|
||||||
#ifndef CONFIG_SPL_BUILD
|
#ifndef CONFIG_SPL_BUILD
|
||||||
/*
|
|
||||||
* fsl_setenv_chain_of_trust() must be called from
|
|
||||||
* board_late_init()
|
|
||||||
*/
|
|
||||||
|
|
||||||
/* If Boot Script is not on NOR and is required to be copied on RAM */
|
|
||||||
#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
|
|
||||||
#define CONFIG_BS_HDR_ADDR_RAM 0x00010000
|
|
||||||
#define CONFIG_BS_HDR_ADDR_DEVICE 0x00800000
|
|
||||||
#define CONFIG_BS_HDR_SIZE 0x00002000
|
|
||||||
#define CONFIG_BS_ADDR_RAM 0x00012000
|
|
||||||
#define CONFIG_BS_ADDR_DEVICE 0x00802000
|
|
||||||
#define CONFIG_BS_SIZE 0x00001000
|
|
||||||
|
|
||||||
#define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_RAM
|
|
||||||
#else
|
|
||||||
|
|
||||||
/* The bootscript header address is different for B4860 because the NOR
|
|
||||||
* mapping is different on B4 due to reduced NOR size.
|
|
||||||
*/
|
|
||||||
#if defined(CONFIG_TARGET_B4860QDS) || defined(CONFIG_TARGET_B4420QDS)
|
|
||||||
#define CONFIG_BOOTSCRIPT_HDR_ADDR 0xecc00000
|
|
||||||
#elif defined(CONFIG_FSL_CORENET)
|
|
||||||
#define CONFIG_BOOTSCRIPT_HDR_ADDR 0xe8e00000
|
|
||||||
#elif defined(CONFIG_TARGET_BSC9132QDS)
|
|
||||||
#define CONFIG_BOOTSCRIPT_HDR_ADDR 0x88020000
|
|
||||||
#elif defined(CONFIG_TARGET_C29XPCIE)
|
|
||||||
#define CONFIG_BOOTSCRIPT_HDR_ADDR 0xec020000
|
|
||||||
#else
|
|
||||||
#define CONFIG_BOOTSCRIPT_HDR_ADDR 0xee020000
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#endif /* #ifdef CONFIG_BOOTSCRIPT_COPY_RAM */
|
|
||||||
|
|
||||||
#include <config_fsl_chain_trust.h>
|
#include <config_fsl_chain_trust.h>
|
||||||
#endif /* #ifndef CONFIG_SPL_BUILD */
|
#endif /* #ifndef CONFIG_SPL_BUILD */
|
||||||
#endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
|
#endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
|
||||||
|
|
|
@ -12,6 +12,7 @@
|
||||||
#include <fsl_sfp.h>
|
#include <fsl_sfp.h>
|
||||||
#include <log.h>
|
#include <log.h>
|
||||||
#include <dm/root.h>
|
#include <dm/root.h>
|
||||||
|
#include <asm/fsl_secure_boot.h>
|
||||||
|
|
||||||
#if defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_FRAMEWORK)
|
#if defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_FRAMEWORK)
|
||||||
#include <spl.h>
|
#include <spl.h>
|
||||||
|
@ -76,14 +77,14 @@ int fsl_setenv_chain_of_trust(void)
|
||||||
|
|
||||||
/* If Boot mode is Secure, set the environment variables
|
/* If Boot mode is Secure, set the environment variables
|
||||||
* bootdelay = 0 (To disable Boot Prompt)
|
* bootdelay = 0 (To disable Boot Prompt)
|
||||||
* bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script)
|
* bootcmd = CHAIN_BOOT_CMD (Validate and execute Boot script)
|
||||||
*/
|
*/
|
||||||
env_set("bootdelay", "-2");
|
env_set("bootdelay", "-2");
|
||||||
|
|
||||||
#ifdef CONFIG_ARM
|
#ifdef CONFIG_ARM
|
||||||
env_set("secureboot", "y");
|
env_set("secureboot", "y");
|
||||||
#else
|
#else
|
||||||
env_set("bootcmd", CONFIG_CHAIN_BOOT_CMD);
|
env_set("bootcmd", CHAIN_BOOT_CMD);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|
|
@ -1,8 +1,13 @@
|
||||||
CONFIG_PPC=y
|
CONFIG_PPC=y
|
||||||
CONFIG_SYS_TEXT_BASE=0xEFF40000
|
CONFIG_SYS_TEXT_BASE=0xEFF40000
|
||||||
CONFIG_ENV_SIZE=0x2000
|
CONFIG_ENV_SIZE=0x2000
|
||||||
CONFIG_NXP_ESBC=y
|
|
||||||
CONFIG_DEFAULT_DEVICE_TREE="t2080qds"
|
CONFIG_DEFAULT_DEVICE_TREE="t2080qds"
|
||||||
|
CONFIG_MPC85xx=y
|
||||||
|
CONFIG_TARGET_T2080QDS=y
|
||||||
|
CONFIG_MPC85XX_HAVE_RESET_VECTOR=y
|
||||||
|
CONFIG_ENABLE_36BIT_PHYS=y
|
||||||
|
CONFIG_NXP_ESBC=y
|
||||||
|
CONFIG_BOOTSCRIPT_HDR_ADDR=0xee020000
|
||||||
CONFIG_FSL_USE_PCA9547_MUX=y
|
CONFIG_FSL_USE_PCA9547_MUX=y
|
||||||
CONFIG_VID=y
|
CONFIG_VID=y
|
||||||
CONFIG_VID_FLS_ENV="t208xqds_vdd_mv"
|
CONFIG_VID_FLS_ENV="t208xqds_vdd_mv"
|
||||||
|
@ -10,10 +15,6 @@ CONFIG_VOL_MONITOR_IR36021_READ=y
|
||||||
CONFIG_VOL_MONITOR_IR36021_SET=y
|
CONFIG_VOL_MONITOR_IR36021_SET=y
|
||||||
CONFIG_FSL_QIXIS=y
|
CONFIG_FSL_QIXIS=y
|
||||||
# CONFIG_QIXIS_I2C_ACCESS is not set
|
# CONFIG_QIXIS_I2C_ACCESS is not set
|
||||||
CONFIG_MPC85xx=y
|
|
||||||
CONFIG_TARGET_T2080QDS=y
|
|
||||||
CONFIG_MPC85XX_HAVE_RESET_VECTOR=y
|
|
||||||
CONFIG_ENABLE_36BIT_PHYS=y
|
|
||||||
# CONFIG_SYS_MALLOC_F is not set
|
# CONFIG_SYS_MALLOC_F is not set
|
||||||
CONFIG_MP=y
|
CONFIG_MP=y
|
||||||
CONFIG_FIT=y
|
CONFIG_FIT=y
|
||||||
|
|
|
@ -18,21 +18,21 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifdef CONFIG_USE_BOOTARGS
|
#ifdef CONFIG_USE_BOOTARGS
|
||||||
#define CONFIG_SET_BOOTARGS "setenv bootargs \'" CONFIG_BOOTARGS" \';"
|
#define SET_BOOTARGS "setenv bootargs \'" CONFIG_BOOTARGS" \';"
|
||||||
#else
|
#else
|
||||||
#define CONFIG_SET_BOOTARGS "setenv bootargs \'root=/dev/ram " \
|
#define SET_BOOTARGS "setenv bootargs \'root=/dev/ram " \
|
||||||
"rw console=ttyS0,115200 ramdisk_size=600000\';"
|
"rw console=ttyS0,115200 ramdisk_size=600000\';"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define CONFIG_SECBOOT \
|
#define SECBOOT \
|
||||||
"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
|
"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
|
||||||
CONFIG_SET_BOOTARGS \
|
SET_BOOTARGS \
|
||||||
"esbc_validate $bs_hdraddr;" \
|
"esbc_validate $bs_hdraddr;" \
|
||||||
"source $img_addr;" \
|
"source $img_addr;" \
|
||||||
"esbc_halt\0"
|
"esbc_halt\0"
|
||||||
|
|
||||||
#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
|
#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
|
||||||
#define CONFIG_BS_COPY_ENV \
|
#define BS_COPY_ENV \
|
||||||
"setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \
|
"setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \
|
||||||
"setenv bs_hdr_device " __stringify(CONFIG_BS_HDR_ADDR_DEVICE)";" \
|
"setenv bs_hdr_device " __stringify(CONFIG_BS_HDR_ADDR_DEVICE)";" \
|
||||||
"setenv bs_hdr_size " __stringify(CONFIG_BS_HDR_SIZE)";" \
|
"setenv bs_hdr_size " __stringify(CONFIG_BS_HDR_SIZE)";" \
|
||||||
|
@ -43,33 +43,28 @@
|
||||||
/* For secure boot flow, default environment used will be used */
|
/* For secure boot flow, default environment used will be used */
|
||||||
#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_NAND_BOOT) || \
|
#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_NAND_BOOT) || \
|
||||||
defined(CONFIG_SD_BOOT)
|
defined(CONFIG_SD_BOOT)
|
||||||
#if defined(CONFIG_RAMBOOT_NAND) || defined(CONFIG_NAND_BOOT)
|
#if defined(CONFIG_NAND_BOOT)
|
||||||
#define CONFIG_BS_COPY_CMD \
|
#define BS_COPY_CMD \
|
||||||
"nand read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
|
"nand read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
|
||||||
"nand read $bs_ram $bs_device $bs_size ;"
|
"nand read $bs_ram $bs_device $bs_size ;"
|
||||||
#elif defined(CONFIG_SD_BOOT)
|
#elif defined(CONFIG_SD_BOOT)
|
||||||
#define CONFIG_BS_COPY_CMD \
|
#define BS_COPY_CMD \
|
||||||
"mmc read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
|
"mmc read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
|
||||||
"mmc read $bs_ram $bs_device $bs_size ;"
|
"mmc read $bs_ram $bs_device $bs_size ;"
|
||||||
#endif
|
#endif
|
||||||
#else
|
#else
|
||||||
#define CONFIG_BS_COPY_CMD \
|
#define BS_COPY_CMD \
|
||||||
"cp.b $bs_hdr_device $bs_hdr_ram $bs_hdr_size ;" \
|
"cp.b $bs_hdr_device $bs_hdr_ram $bs_hdr_size ;" \
|
||||||
"cp.b $bs_device $bs_ram $bs_size ;"
|
"cp.b $bs_device $bs_ram $bs_size ;"
|
||||||
#endif
|
#endif
|
||||||
|
#else /* !CONFIG_BOOTSCRIPT_COPY_RAM */
|
||||||
|
#define BS_COPY_ENV
|
||||||
|
#define BS_COPY_CMD
|
||||||
#endif /* CONFIG_BOOTSCRIPT_COPY_RAM */
|
#endif /* CONFIG_BOOTSCRIPT_COPY_RAM */
|
||||||
|
|
||||||
#ifndef CONFIG_BS_COPY_ENV
|
#define CHAIN_BOOT_CMD BS_COPY_ENV \
|
||||||
#define CONFIG_BS_COPY_ENV
|
BS_COPY_CMD \
|
||||||
#endif
|
SECBOOT
|
||||||
|
|
||||||
#ifndef CONFIG_BS_COPY_CMD
|
|
||||||
#define CONFIG_BS_COPY_CMD
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#define CONFIG_CHAIN_BOOT_CMD CONFIG_BS_COPY_ENV \
|
|
||||||
CONFIG_BS_COPY_CMD \
|
|
||||||
CONFIG_SECBOOT
|
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -53,7 +53,6 @@
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef CONFIG_NAND_SECBOOT /* NAND Boot */
|
#ifdef CONFIG_NAND_SECBOOT /* NAND Boot */
|
||||||
#define CONFIG_RAMBOOT_NAND
|
|
||||||
#define CONFIG_RESET_VECTOR_ADDRESS 0x110bfffc
|
#define CONFIG_RESET_VECTOR_ADDRESS 0x110bfffc
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -348,8 +347,7 @@ extern unsigned long get_sdram_size(void);
|
||||||
FTIM2_GPCM_TWP(0x1f))
|
FTIM2_GPCM_TWP(0x1f))
|
||||||
#define CONFIG_SYS_CS3_FTIM3 0x0
|
#define CONFIG_SYS_CS3_FTIM3 0x0
|
||||||
|
|
||||||
#if defined(CONFIG_RAMBOOT_SDCARD) || defined(CONFIG_RAMBOOT_SPIFLASH) || \
|
#if defined(CONFIG_RAMBOOT_SDCARD) || defined(CONFIG_RAMBOOT_SPIFLASH)
|
||||||
defined(CONFIG_RAMBOOT_NAND)
|
|
||||||
#define CONFIG_SYS_RAMBOOT
|
#define CONFIG_SYS_RAMBOOT
|
||||||
#else
|
#else
|
||||||
#undef CONFIG_SYS_RAMBOOT
|
#undef CONFIG_SYS_RAMBOOT
|
||||||
|
|
|
@ -66,14 +66,6 @@
|
||||||
#define CONFIG_PCIE3 /* PCIE controller 3 */
|
#define CONFIG_PCIE3 /* PCIE controller 3 */
|
||||||
#define CONFIG_PCIE4 /* PCIE controller 4 */
|
#define CONFIG_PCIE4 /* PCIE controller 4 */
|
||||||
|
|
||||||
#if defined(CONFIG_SPIFLASH)
|
|
||||||
#elif defined(CONFIG_MTD_RAW_NAND)
|
|
||||||
#ifdef CONFIG_NXP_ESBC
|
|
||||||
#define CONFIG_RAMBOOT_NAND
|
|
||||||
#define CONFIG_BOOTSCRIPT_COPY_RAM
|
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* These can be toggled for performance analysis, otherwise use default.
|
* These can be toggled for performance analysis, otherwise use default.
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -15,17 +15,8 @@
|
||||||
#include "../board/freescale/common/ics307_clk.h"
|
#include "../board/freescale/common/ics307_clk.h"
|
||||||
|
|
||||||
#ifdef CONFIG_RAMBOOT_PBL
|
#ifdef CONFIG_RAMBOOT_PBL
|
||||||
#ifdef CONFIG_NXP_ESBC
|
|
||||||
#define CONFIG_RAMBOOT_TEXT_BASE CONFIG_SYS_TEXT_BASE
|
#define CONFIG_RAMBOOT_TEXT_BASE CONFIG_SYS_TEXT_BASE
|
||||||
#define CONFIG_RESET_VECTOR_ADDRESS 0xfffffffc
|
#define CONFIG_RESET_VECTOR_ADDRESS 0xfffffffc
|
||||||
#ifdef CONFIG_MTD_RAW_NAND
|
|
||||||
#define CONFIG_RAMBOOT_NAND
|
|
||||||
#endif
|
|
||||||
#define CONFIG_BOOTSCRIPT_COPY_RAM
|
|
||||||
#else
|
|
||||||
#define CONFIG_RAMBOOT_TEXT_BASE CONFIG_SYS_TEXT_BASE
|
|
||||||
#define CONFIG_RESET_VECTOR_ADDRESS 0xfffffffc
|
|
||||||
#endif
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef CONFIG_SRIO_PCIE_BOOT_SLAVE
|
#ifdef CONFIG_SRIO_PCIE_BOOT_SLAVE
|
||||||
|
|
Loading…
Reference in a new issue