u-boot/include/configs/ls1012ardb.h
Vinitha V Pillai 78c58082a9 armv8: Secure Boot: Modify boot_a_script definition
esbc_validate command will not be executed if “load” command for its
header fails and will further execute the source command for bootscript,
without its validation and boot process continues.

To halt the  boot process in case secure boot header is not loaded
successfully, esbc_validate command is invoked separately after “load”
command. The secure boot validation of the bootscript header will fail
(if header is not loaded) and halts the boot process, which prevent source
command from execution.

Signed-off-by: Vinitha V Pillai <vinitha.pillai@nxp.com>
Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com>
Reviewed-by: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>
2019-05-22 12:24:24 +05:30

127 lines
3.6 KiB
C

/* SPDX-License-Identifier: GPL-2.0+ */
/*
* Copyright 2016 Freescale Semiconductor, Inc.
*/
#ifndef __LS1012ARDB_H__
#define __LS1012ARDB_H__
#include "ls1012a_common.h"
/* DDR */
#define CONFIG_DIMM_SLOTS_PER_CTLR 1
#define CONFIG_CHIP_SELECTS_PER_CTRL 1
#define CONFIG_SYS_SDRAM_SIZE 0x40000000
#define CONFIG_CMD_MEMINFO
#define CONFIG_SYS_MEMTEST_START 0x80000000
#define CONFIG_SYS_MEMTEST_END 0x9fffffff
/*
* I2C IO expander
*/
#define I2C_MUX_IO_ADDR 0x24
#define I2C_MUX_IO2_ADDR 0x25
#define I2C_MUX_IO_0 0
#define I2C_MUX_IO_1 1
#define SW_BOOT_MASK 0x03
#define SW_BOOT_EMU 0x02
#define SW_BOOT_BANK1 0x00
#define SW_BOOT_BANK2 0x01
#define SW_REV_MASK 0xF8
#define SW_REV_A 0xF8
#define SW_REV_B 0xF0
#define SW_REV_C 0xE8
#define SW_REV_C1 0xE0
#define SW_REV_C2 0xD8
#define SW_REV_D 0xD0
#define SW_REV_E 0xC8
#define __PHY_MASK 0xF9
#define __PHY_ETH2_MASK 0xFB
#define __PHY_ETH1_MASK 0xFD
/* MMC */
#ifdef CONFIG_MMC
#define CONFIG_SYS_FSL_MMC_HAS_CAPBLT_VS33
#endif
#define CONFIG_PCIE1 /* PCIE controller 1 */
#define CONFIG_PCI_SCAN_SHOW
#define CONFIG_CMD_MEMINFO
#define CONFIG_SYS_MEMTEST_START 0x80000000
#define CONFIG_SYS_MEMTEST_END 0x9fffffff
#undef CONFIG_EXTRA_ENV_SETTINGS
#define CONFIG_EXTRA_ENV_SETTINGS \
"verify=no\0" \
"fdt_high=0xffffffffffffffff\0" \
"initrd_high=0xffffffffffffffff\0" \
"fdt_addr=0x00f00000\0" \
"kernel_addr=0x01000000\0" \
"kernelheader_addr=0x800000\0" \
"scriptaddr=0x80000000\0" \
"scripthdraddr=0x80080000\0" \
"fdtheader_addr_r=0x80100000\0" \
"kernelheader_addr_r=0x80200000\0" \
"kernel_addr_r=0x81000000\0" \
"fdt_addr_r=0x90000000\0" \
"load_addr=0xa0000000\0" \
"kernel_size=0x2800000\0" \
"kernelheader_size=0x40000\0" \
"console=ttyS0,115200\0" \
BOOTENV \
"boot_scripts=ls1012ardb_boot.scr\0" \
"boot_script_hdr=hdr_ls1012ardb_bs.out\0" \
"scan_dev_for_boot_part=" \
"part list ${devtype} ${devnum} devplist; " \
"env exists devplist || setenv devplist 1; " \
"for distro_bootpart in ${devplist}; do " \
"if fstype ${devtype} " \
"${devnum}:${distro_bootpart} " \
"bootfstype; then " \
"run scan_dev_for_boot; " \
"fi; " \
"done\0" \
"scan_dev_for_boot=" \
"echo Scanning ${devtype} " \
"${devnum}:${distro_bootpart}...; " \
"for prefix in ${boot_prefixes}; do " \
"run scan_dev_for_scripts; " \
"done;" \
"\0" \
"boot_a_script=" \
"load ${devtype} ${devnum}:${distro_bootpart} " \
"${scriptaddr} ${prefix}${script}; " \
"env exists secureboot && load ${devtype} " \
"${devnum}:${distro_bootpart} " \
"${scripthdraddr} ${prefix}${boot_script_hdr}; " \
"env exists secureboot " \
"&& esbc_validate ${scripthdraddr};" \
"source ${scriptaddr}\0" \
"installer=load mmc 0:2 $load_addr " \
"/flex_installer_arm64.itb; " \
"bootm $load_addr#$board\0" \
"qspi_bootcmd=echo Trying load from qspi..;" \
"sf probe && sf read $load_addr " \
"$kernel_addr $kernel_size; env exists secureboot " \
"&& sf read $kernelheader_addr_r $kernelheader_addr " \
"$kernelheader_size && esbc_validate ${kernelheader_addr_r}; " \
"bootm $load_addr#$board\0"
#undef CONFIG_BOOTCOMMAND
#ifdef CONFIG_TFABOOT
#undef QSPI_NOR_BOOTCOMMAND
#define QSPI_NOR_BOOTCOMMAND "pfe stop; run distro_bootcmd; run qspi_bootcmd; "\
"env exists secureboot && esbc_halt;"
#else
#define CONFIG_BOOTCOMMAND "pfe stop; run distro_bootcmd; run qspi_bootcmd; "\
"env exists secureboot && esbc_halt;"
#endif
#include <asm/fsl_secure_boot.h>
#endif /* __LS1012ARDB_H__ */