mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-12-12 22:33:18 +00:00
285226785e
In some cases this is absolutely required, so select this for some secure features. This also requires migration of RSA_FREESCALE_EXP Cc: Ruchika Gupta <ruchika.gupta@nxp.com> Cc: Poonam Aggrwal <poonam.aggrwal@freescale.com> Cc: Naveen Burmi <NaveenBurmi@freescale.com> Cc: Po Liu <po.liu@freescale.com> Cc: Shengzhou Liu <Shengzhou.Liu@freescale.com> Cc: Priyanka Jain <Priyanka.Jain@freescale.com> Cc: Sumit Garg <sumit.garg@nxp.com> Cc: Shaohui Xie <Shaohui.Xie@freescale.com> Cc: Chunhe Lan <Chunhe.Lan@freescale.com> Cc: Feng Li <feng.li_2@nxp.com> Cc: Alison Wang <alison.wang@freescale.com> Cc: Mingkai Hu <Mingkai.Hu@freescale.com> Cc: York Sun <york.sun@nxp.com> Cc: Saksham Jain <saksham.jain@nxp.freescale.com> Cc: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com> Signed-off-by: Tom Rini <trini@konsulko.com>
132 lines
3.9 KiB
C
132 lines
3.9 KiB
C
/*
|
|
* Copyright 2015 Freescale Semiconductor, Inc.
|
|
*
|
|
* SPDX-License-Identifier: GPL-2.0+
|
|
*/
|
|
|
|
#ifndef __FSL_SECURE_BOOT_H
|
|
#define __FSL_SECURE_BOOT_H
|
|
|
|
#ifdef CONFIG_CHAIN_OF_TRUST
|
|
#define CONFIG_CMD_ESBC_VALIDATE
|
|
#define CONFIG_FSL_SEC_MON
|
|
#define CONFIG_SHA_HW_ACCEL
|
|
#define CONFIG_SHA_PROG_HW_ACCEL
|
|
|
|
#define CONFIG_SPL_BOARD_INIT
|
|
#ifdef CONFIG_SPL_BUILD
|
|
/*
|
|
* Define the key hash for U-Boot here if public/private key pair used to
|
|
* sign U-boot are different from the SRK hash put in the fuse
|
|
* Example of defining KEY_HASH is
|
|
* #define CONFIG_SPL_UBOOT_KEY_HASH \
|
|
* "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
|
|
* else leave it defined as NULL
|
|
*/
|
|
|
|
#define CONFIG_SPL_UBOOT_KEY_HASH NULL
|
|
#endif /* ifdef CONFIG_SPL_BUILD */
|
|
|
|
#ifndef CONFIG_SPL_BUILD
|
|
#define CONFIG_CMD_BLOB
|
|
#define CONFIG_CMD_HASH
|
|
#define CONFIG_KEY_REVOCATION
|
|
#ifndef CONFIG_SYS_RAMBOOT
|
|
/* The key used for verification of next level images
|
|
* is picked up from an Extension Table which has
|
|
* been verified by the ISBC (Internal Secure boot Code)
|
|
* in boot ROM of the SoC.
|
|
* The feature is only applicable in case of NOR boot and is
|
|
* not applicable in case of RAMBOOT (NAND, SD, SPI).
|
|
*/
|
|
#ifndef CONFIG_ESBC_HDR_LS
|
|
/* Current Key EXT feature not available in LS ESBC Header */
|
|
#define CONFIG_FSL_ISBC_KEY_EXT
|
|
#endif
|
|
|
|
#endif
|
|
|
|
#if defined(CONFIG_LS1043A) || defined(CONFIG_LS2080A)
|
|
/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit
|
|
* Similiarly for LS2080
|
|
*/
|
|
#define CONFIG_ESBC_ADDR_64BIT
|
|
#endif
|
|
|
|
#ifdef CONFIG_LS2080A
|
|
#define CONFIG_EXTRA_ENV \
|
|
"setenv fdt_high 0xa0000000;" \
|
|
"setenv initrd_high 0xcfffffff;" \
|
|
"setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';"
|
|
#else
|
|
#define CONFIG_EXTRA_ENV \
|
|
"setenv fdt_high 0xffffffff;" \
|
|
"setenv initrd_high 0xffffffff;" \
|
|
"setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';"
|
|
#endif
|
|
|
|
/* Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from
|
|
* Non-XIP Memory (Nand/SD)*/
|
|
#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_FSL_LSCH3) || \
|
|
defined(CONFIG_SD_BOOT)
|
|
#define CONFIG_BOOTSCRIPT_COPY_RAM
|
|
#endif
|
|
/* The address needs to be modified according to NOR, NAND, SD and
|
|
* DDR memory map
|
|
*/
|
|
#ifdef CONFIG_FSL_LSCH3
|
|
#define CONFIG_BS_HDR_ADDR_DEVICE 0x580d00000
|
|
#define CONFIG_BS_ADDR_DEVICE 0x580e00000
|
|
#define CONFIG_BS_HDR_ADDR_RAM 0xa0d00000
|
|
#define CONFIG_BS_ADDR_RAM 0xa0e00000
|
|
#define CONFIG_BS_HDR_SIZE 0x00002000
|
|
#define CONFIG_BS_SIZE 0x00001000
|
|
#else
|
|
#ifdef CONFIG_SD_BOOT
|
|
/* For SD boot address and size are assigned in terms of sector
|
|
* offset and no. of sectors respectively.
|
|
*/
|
|
#define CONFIG_BS_HDR_ADDR_DEVICE 0x00000800
|
|
#define CONFIG_BS_ADDR_DEVICE 0x00000840
|
|
#define CONFIG_BS_HDR_SIZE 0x00000010
|
|
#define CONFIG_BS_SIZE 0x00000008
|
|
#else
|
|
#define CONFIG_BS_HDR_ADDR_DEVICE 0x600a0000
|
|
#define CONFIG_BS_ADDR_DEVICE 0x60060000
|
|
#define CONFIG_BS_HDR_SIZE 0x00002000
|
|
#define CONFIG_BS_SIZE 0x00001000
|
|
#endif /* #ifdef CONFIG_SD_BOOT */
|
|
#define CONFIG_BS_HDR_ADDR_RAM 0x81000000
|
|
#define CONFIG_BS_ADDR_RAM 0x81020000
|
|
#endif
|
|
|
|
#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
|
|
#define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_RAM
|
|
#define CONFIG_BOOTSCRIPT_ADDR CONFIG_BS_ADDR_RAM
|
|
#else
|
|
#define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_DEVICE
|
|
/* BOOTSCRIPT_ADDR is not required */
|
|
#endif
|
|
|
|
#ifdef CONFIG_FSL_LS_PPA
|
|
#ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP
|
|
#ifdef CONFIG_LS1043A
|
|
#define CONFIG_SYS_LS_PPA_ESBC_ADDR 0x600c0000
|
|
#endif
|
|
#else
|
|
#error "No CONFIG_SYS_LS_PPA_FW_IN_xxx defined"
|
|
#endif /* ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP */
|
|
|
|
/* Define the key hash here if SRK used for signing PPA image is
|
|
* different from SRK hash put in SFP used for U-Boot.
|
|
* Example
|
|
* #define CONFIG_PPA_KEY_HASH \
|
|
* "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
|
|
*/
|
|
#define CONFIG_PPA_KEY_HASH NULL
|
|
#endif /* ifdef CONFIG_FSL_LS_PPA */
|
|
|
|
#include <config_fsl_chain_trust.h>
|
|
#endif /* #ifndef CONFIG_SPL_BUILD */
|
|
#endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
|
|
#endif
|