This converts the following to Kconfig:
CONFIG_KIRKWOOD_EGIGA_INIT
CONFIG_KIRKWOOD_PCIE_INIT
CONFIG_KIRKWOOD_RGMII_PAD_1V8
CONFIG_KM_DISABLE_PCIE
Signed-off-by: Tom Rini <trini@konsulko.com>
These CONFIG options are only used on this board, in the board file
itself. Remove these from the CONFIG namespace and define in the board
file.
Signed-off-by: Tom Rini <trini@konsulko.com>
The symbol CONFIG_PCI_CLK_FREQ is local to this board. Provide equal
clarity in the code by referencing the numeric value directly and move
the explanatory comment to the code, just prior to use.
Signed-off-by: Tom Rini <trini@konsulko.com>
This driver is not enabled anywhere, remove it. Also remove definitions
of symbols only used in this driver, on platforms that did not enable
it.
Signed-off-by: Tom Rini <trini@konsulko.com>
As things stand currently, there is only one PowerPC platform that
enables the options for CHAIN_OF_TRUST. From the board header files,
remove a number of never-set options. Remove board specific values from
arch/powerpc/include/asm/fsl_secure_boot.h as well. Rework
include/config_fsl_chain_trust.h to not abuse the CONFIG namespace for
constructing CHAIN_BOOT_CMD. Migrate all of the configurable addresses
to Kconfig.
If any platforms are re-introduced with secure boot support, everything
required should still be here, but now in Kconfig, or requires migration
of an option to Kconfig.
Cc: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
The way that secure boot is implemented today on NXP ARM platforms does
not reuse the elements found in include/config_fsl_chain_trust.h to
construct CONFIG_SECBOOT but instead board header files have their
environment setup as needed and then fsl_setenv_chain_of_trust() will
set secureboot in the environment. Remove a large number of unused
defines here.
Cc: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Move setting of SPL_UBOOT_KEY_HASH to a non-NULL value to Kconfig. As
part of this, change fsl_secboot_validate(...) to check that it is
passed a non-empty string, rather than non-NULL.
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Priyanka Jain <priyanka.jain@nxp.com>
Cc: Kshitiz Varshney <kshitiz.varshney@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Make all of the CHAIN_OF_TRUST options be under a single menu and add a
comment for the rest, so the resulting config file reads more clearly.
Remove duplicate CHAIN_OF_TRUST options from
board/congatec/common/Kconfig. Remove duplicate NXP_ESBC config
questions and move to arch/Kconfig.nxp.
Signed-off-by: Tom Rini <trini@konsulko.com>
This converts the following to Kconfig:
CONFIG_KEY_REVOCATION
CONFIG_SYS_FSL_SFP_BE
CONFIG_SYS_FSL_SFP_LE
CONFIG_SYS_FSL_SFP_VER_3_0
CONFIG_SYS_FSL_SFP_VER_3_2
CONFIG_SYS_FSL_SFP_VER_3_4
CONFIG_SYS_FSL_SRK_LE
This partly means making sure to enable SYS_FSL_ERRATUM_A007186 only for
when CHAIN_OF_TRUST is enabled.
Signed-off-by: Tom Rini <trini@konsulko.com>
This converts the following to Kconfig:
CONFIG_SYS_FSL_SEC_MON
CONFIG_SYS_FSL_SEC_MON_BE
CONFIG_SYS_FSL_SEC_MON_LE
Signed-off-by: Tom Rini <trini@konsulko.com>
Now that board/freescale/common/Kconfig is safe to be included once,
globally, rename this to arch/Kconfig.nxp to better reflect that it
contains options that are valid on multiple architectures and SoC
families, and not specific to NXP reference platforms either.
Cc: Stefano Babic <sbabic@denx.de>
Cc: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
The way that we use this file currently means that we have to guard it
in every platform Kconfig. But it is also required in all NXP
platforms, including non-reference platforms. Make all options in it
have appropriate dependencies so that we can include it a single time
under arch/Kconfig
Signed-off-by: Tom Rini <trini@konsulko.com>
This converts the following to Kconfig:
CONFIG_HETROGENOUS_CLUSTERS
CONFIG_SYS_MAPLE
CONFIG_SYS_CPRI
CONFIG_PPC_CLUSTER_START
CONFIG_DSP_CLUSTER_START
CONFIG_SYS_CPRI_CLK
CONFIG_SYS_ULB_CLK
CONFIG_SYS_ETVPE_CLK
Signed-off-by: Tom Rini <trini@konsulko.com>
This converts the following to Kconfig:
CONFIG_SAMSUNG_ONENAND
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
We rename the S5P specific "CONFIG_PWM" to CONFIG_PWM_S5P and move it to
Kconfig. Given the usage of CONFIG_PWM_NX, we have that select this new
symbol.
Cc: Jaehoon Chung <jh80.chung@samsung.com>
Cc: Minkyu Kang <mk7.kang@samsung.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
- Drop the emulator CONFIG test from include/configs/ls1088ardb.h
- Migrate CONFIG_SYS_FSL_DDR_EMU to a select'able option in
drivers/ddr/fsl/Kconfig
Signed-off-by: Tom Rini <trini@konsulko.com>
As this driver can dynamically determine the values set in
CONFIG_DW_WDT_BASE when using WDT, so make this depend on WDT rather
than migrate CONFIG_DW_WDT_BASE to Kconfig.
Cc: Chee Tien Fong <tien.fong.chee@intel.com>
Cc: Chin-Liang See <chin.liang.see@intel.com>
Cc: Dinh Nguyen <dinh.nguyen@intel.com>
Cc: Holger Brunck <holger.brunck@hitachienergy.com>
Cc: Ley Foon Tan <ley.foon.tan@intel.com>
Cc: Marek Vasut <marex@denx.de>
Cc: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Cc: Stefan Roese <sr@denx.de>
Cc: hee Hong Ang <chee.hong.ang@intel.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Stefan Roese <sr@denx.de>
This value is always used at the default, rename it for now. This
likely should come from the device tree if non-default, moving forward.
Signed-off-by: Tom Rini <trini@konsulko.com>
In this test case, a image binary, helloworld.efi.signed, is willfully
modified to print a corrupted message while the signature itself is
unchanged.
This binary must be rejected under secure boot mode.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
At the last step of PE image authentication, an image's hash value must be
compared with a message digest stored as the content (of SpcPeImageData type)
of pkcs7's contentInfo.
Fixes: commit 4540dabdca ("efi_loader: image_loader: support image authentication")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
This function is used to calculate a message digest as part of
authentication process in a later patch.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
In MS authenticode, pkcs7 should have data in its contentInfo field.
This data is tagged with SpcIndirectData type and, for a signed PE image,
provides a image's message digest as SpcPeImageData.
This parser is used in image authentication to parse the field and
retrieve a message digest.
Imported from linux v5.19-rc, crypto/asymmetric_keys/mscode*.
Checkpatch.pl generates tones of warnings, but those are not fixed
for the sake of maintainability (importing from another source).
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
