xref: /OK3568_Linux_fs/u-boot/include/config_fsl_chain_trust.h (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1*4882a593Smuzhiyun /*
2*4882a593Smuzhiyun  * Copyright 2015 Freescale Semiconductor, Inc.
3*4882a593Smuzhiyun  *
4*4882a593Smuzhiyun  * SPDX-License-Identifier:	GPL-2.0+
5*4882a593Smuzhiyun  */
6*4882a593Smuzhiyun 
7*4882a593Smuzhiyun #ifndef __CONFIG_FSL_CHAIN_TRUST_H
8*4882a593Smuzhiyun #define __CONFIG_FSL_CHAIN_TRUST_H
9*4882a593Smuzhiyun 
10*4882a593Smuzhiyun #ifdef CONFIG_CHAIN_OF_TRUST
11*4882a593Smuzhiyun 
12*4882a593Smuzhiyun #ifndef CONFIG_EXTRA_ENV
13*4882a593Smuzhiyun #define CONFIG_EXTRA_ENV	""
14*4882a593Smuzhiyun #endif
15*4882a593Smuzhiyun 
16*4882a593Smuzhiyun /*
17*4882a593Smuzhiyun  * Control should not reach back to uboot after validation of images
18*4882a593Smuzhiyun  * for secure boot flow and therefore bootscript should have
19*4882a593Smuzhiyun  * the bootm command. If control reaches back to uboot anyhow
20*4882a593Smuzhiyun  * after validating images, core should just spin.
21*4882a593Smuzhiyun  */
22*4882a593Smuzhiyun 
23*4882a593Smuzhiyun /*
24*4882a593Smuzhiyun  * Define the key hash for boot script here if public/private key pair used to
25*4882a593Smuzhiyun  * sign bootscript are different from the SRK hash put in the fuse
26*4882a593Smuzhiyun  * Example of defining KEY_HASH is
27*4882a593Smuzhiyun  * #define CONFIG_BOOTSCRIPT_KEY_HASH \
28*4882a593Smuzhiyun  *	 "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
29*4882a593Smuzhiyun  */
30*4882a593Smuzhiyun 
31*4882a593Smuzhiyun #ifdef CONFIG_USE_BOOTARGS
32*4882a593Smuzhiyun #define CONFIG_SET_BOOTARGS	"setenv bootargs \'" CONFIG_BOOTARGS" \';"
33*4882a593Smuzhiyun #else
34*4882a593Smuzhiyun #define CONFIG_SET_BOOTARGS	"setenv bootargs \'root=/dev/ram "	\
35*4882a593Smuzhiyun 				"rw console=ttyS0,115200 ramdisk_size=600000\';"
36*4882a593Smuzhiyun #endif
37*4882a593Smuzhiyun 
38*4882a593Smuzhiyun 
39*4882a593Smuzhiyun #ifdef CONFIG_BOOTSCRIPT_KEY_HASH
40*4882a593Smuzhiyun #define CONFIG_SECBOOT \
41*4882a593Smuzhiyun 	"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
42*4882a593Smuzhiyun 	CONFIG_SET_BOOTARGS	\
43*4882a593Smuzhiyun 	CONFIG_EXTRA_ENV	\
44*4882a593Smuzhiyun 	"esbc_validate $bs_hdraddr " \
45*4882a593Smuzhiyun 	  __stringify(CONFIG_BOOTSCRIPT_KEY_HASH)";" \
46*4882a593Smuzhiyun 	"source $img_addr;"	\
47*4882a593Smuzhiyun 	"esbc_halt\0"
48*4882a593Smuzhiyun #else
49*4882a593Smuzhiyun #define CONFIG_SECBOOT \
50*4882a593Smuzhiyun 	"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
51*4882a593Smuzhiyun 	CONFIG_SET_BOOTARGS	\
52*4882a593Smuzhiyun 	CONFIG_EXTRA_ENV	\
53*4882a593Smuzhiyun 	"esbc_validate $bs_hdraddr;" \
54*4882a593Smuzhiyun 	"source $img_addr;"	\
55*4882a593Smuzhiyun 	"esbc_halt\0"
56*4882a593Smuzhiyun #endif
57*4882a593Smuzhiyun 
58*4882a593Smuzhiyun #ifdef CONFIG_BOOTSCRIPT_COPY_RAM
59*4882a593Smuzhiyun #define CONFIG_BS_COPY_ENV \
60*4882a593Smuzhiyun 	"setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \
61*4882a593Smuzhiyun 	"setenv bs_hdr_device " __stringify(CONFIG_BS_HDR_ADDR_DEVICE)";" \
62*4882a593Smuzhiyun 	"setenv bs_hdr_size " __stringify(CONFIG_BS_HDR_SIZE)";" \
63*4882a593Smuzhiyun 	"setenv bs_ram " __stringify(CONFIG_BS_ADDR_RAM)";" \
64*4882a593Smuzhiyun 	"setenv bs_device " __stringify(CONFIG_BS_ADDR_DEVICE)";" \
65*4882a593Smuzhiyun 	"setenv bs_size " __stringify(CONFIG_BS_SIZE)";"
66*4882a593Smuzhiyun 
67*4882a593Smuzhiyun /* For secure boot flow, default environment used will be used */
68*4882a593Smuzhiyun #if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_NAND_BOOT) || \
69*4882a593Smuzhiyun 	defined(CONFIG_SD_BOOT)
70*4882a593Smuzhiyun #if defined(CONFIG_RAMBOOT_NAND) || defined(CONFIG_NAND_BOOT)
71*4882a593Smuzhiyun #define CONFIG_BS_COPY_CMD \
72*4882a593Smuzhiyun 	"nand read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
73*4882a593Smuzhiyun 	"nand read $bs_ram $bs_device $bs_size ;"
74*4882a593Smuzhiyun #elif defined(CONFIG_SD_BOOT)
75*4882a593Smuzhiyun #define CONFIG_BS_COPY_CMD \
76*4882a593Smuzhiyun 	"mmc read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
77*4882a593Smuzhiyun 	"mmc read $bs_ram $bs_device $bs_size ;"
78*4882a593Smuzhiyun #endif
79*4882a593Smuzhiyun #else
80*4882a593Smuzhiyun #define CONFIG_BS_COPY_CMD \
81*4882a593Smuzhiyun 	"cp.b $bs_hdr_device $bs_hdr_ram  $bs_hdr_size ;" \
82*4882a593Smuzhiyun 	"cp.b $bs_device $bs_ram  $bs_size ;"
83*4882a593Smuzhiyun #endif
84*4882a593Smuzhiyun #endif /* CONFIG_BOOTSCRIPT_COPY_RAM */
85*4882a593Smuzhiyun 
86*4882a593Smuzhiyun #ifndef CONFIG_BS_COPY_ENV
87*4882a593Smuzhiyun #define CONFIG_BS_COPY_ENV
88*4882a593Smuzhiyun #endif
89*4882a593Smuzhiyun 
90*4882a593Smuzhiyun #ifndef CONFIG_BS_COPY_CMD
91*4882a593Smuzhiyun #define CONFIG_BS_COPY_CMD
92*4882a593Smuzhiyun #endif
93*4882a593Smuzhiyun 
94*4882a593Smuzhiyun #define CONFIG_CHAIN_BOOT_CMD	CONFIG_BS_COPY_ENV \
95*4882a593Smuzhiyun 				CONFIG_BS_COPY_CMD \
96*4882a593Smuzhiyun 				CONFIG_SECBOOT
97*4882a593Smuzhiyun 
98*4882a593Smuzhiyun #endif
99*4882a593Smuzhiyun #endif
100