1*4882a593Smuzhiyun /*
2*4882a593Smuzhiyun * Copyright 2015 Freescale Semiconductor, Inc.
3*4882a593Smuzhiyun *
4*4882a593Smuzhiyun * SPDX-License-Identifier: GPL-2.0+
5*4882a593Smuzhiyun */
6*4882a593Smuzhiyun
7*4882a593Smuzhiyun #include <common.h>
8*4882a593Smuzhiyun #include <command.h>
9*4882a593Smuzhiyun #include <fsl_validate.h>
10*4882a593Smuzhiyun
do_esbc_halt(cmd_tbl_t * cmdtp,int flag,int argc,char * const argv[])11*4882a593Smuzhiyun int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
12*4882a593Smuzhiyun char * const argv[])
13*4882a593Smuzhiyun {
14*4882a593Smuzhiyun if (fsl_check_boot_mode_secure() == 0) {
15*4882a593Smuzhiyun printf("Boot Mode is Non-Secure. Not entering spin loop.\n");
16*4882a593Smuzhiyun return 0;
17*4882a593Smuzhiyun }
18*4882a593Smuzhiyun
19*4882a593Smuzhiyun printf("Core is entering spin loop.\n");
20*4882a593Smuzhiyun loop:
21*4882a593Smuzhiyun goto loop;
22*4882a593Smuzhiyun
23*4882a593Smuzhiyun return 0;
24*4882a593Smuzhiyun }
25*4882a593Smuzhiyun
do_esbc_validate(cmd_tbl_t * cmdtp,int flag,int argc,char * const argv[])26*4882a593Smuzhiyun static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag, int argc,
27*4882a593Smuzhiyun char * const argv[])
28*4882a593Smuzhiyun {
29*4882a593Smuzhiyun char *hash_str = NULL;
30*4882a593Smuzhiyun uintptr_t haddr;
31*4882a593Smuzhiyun int ret;
32*4882a593Smuzhiyun uintptr_t img_addr = 0;
33*4882a593Smuzhiyun char buf[20];
34*4882a593Smuzhiyun
35*4882a593Smuzhiyun if (argc < 2)
36*4882a593Smuzhiyun return cmd_usage(cmdtp);
37*4882a593Smuzhiyun else if (argc > 2)
38*4882a593Smuzhiyun /* Second arg - Optional - Hash Str*/
39*4882a593Smuzhiyun hash_str = argv[2];
40*4882a593Smuzhiyun
41*4882a593Smuzhiyun /* First argument - header address -32/64bit */
42*4882a593Smuzhiyun haddr = (uintptr_t)simple_strtoul(argv[1], NULL, 16);
43*4882a593Smuzhiyun
44*4882a593Smuzhiyun /* With esbc_validate command, Image address must be
45*4882a593Smuzhiyun * part of header. So, the function is called
46*4882a593Smuzhiyun * by passing this argument as 0.
47*4882a593Smuzhiyun */
48*4882a593Smuzhiyun ret = fsl_secboot_validate(haddr, hash_str, &img_addr);
49*4882a593Smuzhiyun
50*4882a593Smuzhiyun /* Need to set "img_addr" even if validation failure.
51*4882a593Smuzhiyun * Required when SB_EN in RCW set and non-fatal error
52*4882a593Smuzhiyun * to continue U-Boot
53*4882a593Smuzhiyun */
54*4882a593Smuzhiyun sprintf(buf, "%lx", img_addr);
55*4882a593Smuzhiyun env_set("img_addr", buf);
56*4882a593Smuzhiyun
57*4882a593Smuzhiyun if (ret)
58*4882a593Smuzhiyun return 1;
59*4882a593Smuzhiyun
60*4882a593Smuzhiyun printf("esbc_validate command successful\n");
61*4882a593Smuzhiyun return 0;
62*4882a593Smuzhiyun }
63*4882a593Smuzhiyun
64*4882a593Smuzhiyun /***************************************************/
65*4882a593Smuzhiyun static char esbc_validate_help_text[] =
66*4882a593Smuzhiyun "esbc_validate hdr_addr <hash_val> - Validates signature using\n"
67*4882a593Smuzhiyun " RSA verification\n"
68*4882a593Smuzhiyun " $hdr_addr Address of header of the image\n"
69*4882a593Smuzhiyun " to be validated.\n"
70*4882a593Smuzhiyun " $hash_val -Optional\n"
71*4882a593Smuzhiyun " It provides Hash of public/srk key to be\n"
72*4882a593Smuzhiyun " used to verify signature.\n";
73*4882a593Smuzhiyun
74*4882a593Smuzhiyun U_BOOT_CMD(
75*4882a593Smuzhiyun esbc_validate, 3, 0, do_esbc_validate,
76*4882a593Smuzhiyun "Validates signature on a given image using RSA verification",
77*4882a593Smuzhiyun esbc_validate_help_text
78*4882a593Smuzhiyun );
79*4882a593Smuzhiyun
80*4882a593Smuzhiyun U_BOOT_CMD(
81*4882a593Smuzhiyun esbc_halt, 1, 0, do_esbc_halt,
82*4882a593Smuzhiyun "Put the core in spin loop (Secure Boot Only)",
83*4882a593Smuzhiyun ""
84*4882a593Smuzhiyun );
85