mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-12-05 02:51:00 +00:00
a1b6b0a9c1
The patch implements secure booting for the mvebu architecture. This includes: - The addition of secure headers and all needed signatures and keys in mkimage - Commands capable of writing the board's efuses to both write the needed cryptographic data and enable the secure booting mechanism - The creation of convenience text files containing the necessary commands to write the efuses The KAK and CSK keys are expected to reside in the files kwb_kak.key and kwb_csk.key (OpenSSL 2048 bit private keys) in the top-level directory. Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc> Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Stefan Roese <sr@denx.de> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Stefan Roese <sr@denx.de>
184 lines
4 KiB
Text
184 lines
4 KiB
Text
if ARCH_MVEBU
|
|
|
|
config HAVE_MVEBU_EFUSE
|
|
bool
|
|
default n
|
|
|
|
config ARMADA_32BIT
|
|
bool
|
|
select CPU_V7
|
|
select SUPPORT_SPL
|
|
select SPL_DM
|
|
select SPL_DM_SEQ_ALIAS
|
|
select SPL_OF_CONTROL
|
|
select SPL_SIMPLE_BUS
|
|
select BOARD_EARLY_INIT_F
|
|
select ARCH_MISC_INIT
|
|
|
|
config ARMADA_64BIT
|
|
bool
|
|
select ARM64
|
|
|
|
# ARMv7 SoCs...
|
|
config ARMADA_375
|
|
bool
|
|
select ARMADA_32BIT
|
|
|
|
config ARMADA_38X
|
|
bool
|
|
select ARMADA_32BIT
|
|
select HAVE_MVEBU_EFUSE
|
|
|
|
config ARMADA_XP
|
|
bool
|
|
select ARMADA_32BIT
|
|
|
|
# ARMv8 SoCs...
|
|
config ARMADA_3700
|
|
bool
|
|
select ARM64
|
|
|
|
# Armada 7K and 8K are very similar - use only one Kconfig symbol for both
|
|
config ARMADA_8K
|
|
bool
|
|
select ARM64
|
|
|
|
# Armada PLL frequency (used for NAND clock generation)
|
|
config SYS_MVEBU_PLL_CLOCK
|
|
int
|
|
default "2000000000" if ARMADA_XP || ARMADA_3700 || ARMADA_8K
|
|
default "1000000000" if ARMADA_38X || ARMADA_375
|
|
|
|
# Armada XP/38x SoC types...
|
|
config MV78230
|
|
bool
|
|
select ARMADA_XP
|
|
|
|
config MV78260
|
|
bool
|
|
select ARMADA_XP
|
|
|
|
config MV78460
|
|
bool
|
|
select ARMADA_XP
|
|
|
|
config 88F6820
|
|
bool
|
|
select ARMADA_38X
|
|
|
|
choice
|
|
prompt "Armada XP/375/38x/3700/7K/8K board select"
|
|
optional
|
|
|
|
config TARGET_CLEARFOG
|
|
bool "Support ClearFog"
|
|
select 88F6820
|
|
|
|
config TARGET_MVEBU_DB_88F3720
|
|
bool "Support DB-88F3720 Armada 3720"
|
|
select ARMADA_3700
|
|
|
|
config TARGET_DB_88F6720
|
|
bool "Support DB-88F6720 Armada 375"
|
|
select ARMADA_375
|
|
|
|
config TARGET_DB_88F6820_GP
|
|
bool "Support DB-88F6820-GP"
|
|
select 88F6820
|
|
|
|
config TARGET_DB_88F6820_AMC
|
|
bool "Support DB-88F6820-AMC"
|
|
select 88F6820
|
|
|
|
config TARGET_MVEBU_ARMADA_8K
|
|
bool "Support Armada 7k/8k platforms"
|
|
select ARMADA_8K
|
|
select BOARD_LATE_INIT
|
|
|
|
config TARGET_DB_MV784MP_GP
|
|
bool "Support db-mv784mp-gp"
|
|
select MV78460
|
|
|
|
config TARGET_DS414
|
|
bool "Support Synology DS414"
|
|
select MV78230
|
|
|
|
config TARGET_MAXBCM
|
|
bool "Support maxbcm"
|
|
select MV78460
|
|
|
|
config TARGET_THEADORABLE
|
|
bool "Support theadorable Armada XP"
|
|
select BOARD_LATE_INIT if USB
|
|
select MV78260
|
|
|
|
endchoice
|
|
|
|
config SYS_BOARD
|
|
default "clearfog" if TARGET_CLEARFOG
|
|
default "mvebu_db-88f3720" if TARGET_MVEBU_DB_88F3720
|
|
default "db-88f6720" if TARGET_DB_88F6720
|
|
default "db-88f6820-gp" if TARGET_DB_88F6820_GP
|
|
default "db-88f6820-amc" if TARGET_DB_88F6820_AMC
|
|
default "mvebu_armada-8k" if TARGET_MVEBU_ARMADA_8K
|
|
default "db-mv784mp-gp" if TARGET_DB_MV784MP_GP
|
|
default "ds414" if TARGET_DS414
|
|
default "maxbcm" if TARGET_MAXBCM
|
|
default "theadorable" if TARGET_THEADORABLE
|
|
|
|
config SYS_CONFIG_NAME
|
|
default "clearfog" if TARGET_CLEARFOG
|
|
default "mvebu_db-88f3720" if TARGET_MVEBU_DB_88F3720
|
|
default "db-88f6720" if TARGET_DB_88F6720
|
|
default "db-88f6820-gp" if TARGET_DB_88F6820_GP
|
|
default "db-88f6820-amc" if TARGET_DB_88F6820_AMC
|
|
default "mvebu_armada-8k" if TARGET_MVEBU_ARMADA_8K
|
|
default "db-mv784mp-gp" if TARGET_DB_MV784MP_GP
|
|
default "ds414" if TARGET_DS414
|
|
default "maxbcm" if TARGET_MAXBCM
|
|
default "theadorable" if TARGET_THEADORABLE
|
|
|
|
config SYS_VENDOR
|
|
default "Marvell" if TARGET_DB_MV784MP_GP
|
|
default "Marvell" if TARGET_MVEBU_DB_88F3720
|
|
default "Marvell" if TARGET_DB_88F6720
|
|
default "Marvell" if TARGET_DB_88F6820_GP
|
|
default "Marvell" if TARGET_DB_88F6820_AMC
|
|
default "Marvell" if TARGET_MVEBU_ARMADA_8K
|
|
default "solidrun" if TARGET_CLEARFOG
|
|
default "Synology" if TARGET_DS414
|
|
|
|
config SYS_SOC
|
|
default "mvebu"
|
|
|
|
config MVEBU_EFUSE
|
|
bool "Enable eFuse support"
|
|
default n
|
|
depends on HAVE_MVEBU_EFUSE
|
|
help
|
|
Enable support for reading and writing eFuses on mvebu SoCs.
|
|
|
|
config MVEBU_EFUSE_FAKE
|
|
bool "Fake eFuse access (dry run)"
|
|
default n
|
|
depends on MVEBU_EFUSE
|
|
help
|
|
This enables a "dry run" mode where eFuses are not really programmed.
|
|
Instead the eFuse accesses are emulated by writing to and reading
|
|
from a memory block.
|
|
This is can be used for testing prog scripts.
|
|
|
|
config SECURED_MODE_IMAGE
|
|
bool "Build image for trusted boot"
|
|
default false
|
|
depends on 88F6820
|
|
help
|
|
Build an image that employs the ARMADA SoC's trusted boot framework
|
|
for securely booting images.
|
|
|
|
config SECURED_MODE_CSK_INDEX
|
|
int "Index of active CSK"
|
|
default 0
|
|
depends on SECURED_MODE_IMAGE
|
|
|
|
endif
|