xref: /rk3399_rockchip-uboot/include/config_fsl_chain_trust.h (revision 5abc1a4523a5509ce37bc3ec818b660a48f4eafd) 
1bdc22074SAneesh Bansal /*
2bdc22074SAneesh Bansal  * Copyright 2015 Freescale Semiconductor, Inc.
3bdc22074SAneesh Bansal  *
4bdc22074SAneesh Bansal  * SPDX-License-Identifier:	GPL-2.0+
5bdc22074SAneesh Bansal  */
6bdc22074SAneesh Bansal 
7bdc22074SAneesh Bansal #ifndef __CONFIG_FSL_CHAIN_TRUST_H
8bdc22074SAneesh Bansal #define __CONFIG_FSL_CHAIN_TRUST_H
9bdc22074SAneesh Bansal 
10bdc22074SAneesh Bansal #ifdef CONFIG_CHAIN_OF_TRUST
11bdc22074SAneesh Bansal 
12bdc22074SAneesh Bansal #ifndef CONFIG_EXTRA_ENV
13bdc22074SAneesh Bansal #define CONFIG_EXTRA_ENV	""
14bdc22074SAneesh Bansal #endif
15bdc22074SAneesh Bansal 
16bdc22074SAneesh Bansal /*
17bdc22074SAneesh Bansal  * Control should not reach back to uboot after validation of images
18bdc22074SAneesh Bansal  * for secure boot flow and therefore bootscript should have
19bdc22074SAneesh Bansal  * the bootm command. If control reaches back to uboot anyhow
20bdc22074SAneesh Bansal  * after validating images, core should just spin.
21bdc22074SAneesh Bansal  */
22bdc22074SAneesh Bansal 
23bdc22074SAneesh Bansal /*
24bdc22074SAneesh Bansal  * Define the key hash for boot script here if public/private key pair used to
25bdc22074SAneesh Bansal  * sign bootscript are different from the SRK hash put in the fuse
26bdc22074SAneesh Bansal  * Example of defining KEY_HASH is
27bdc22074SAneesh Bansal  * #define CONFIG_BOOTSCRIPT_KEY_HASH \
28bdc22074SAneesh Bansal  *	 "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
29bdc22074SAneesh Bansal  */
30bdc22074SAneesh Bansal 
31*5abc1a45SSam Protsenko #ifdef CONFIG_USE_BOOTARGS
322bfe4890SSaksham Jain #define CONFIG_SET_BOOTARGS	"setenv bootargs \'" CONFIG_BOOTARGS" \';"
332bfe4890SSaksham Jain #else
342bfe4890SSaksham Jain #define CONFIG_SET_BOOTARGS	"setenv bootargs \'root=/dev/ram "	\
352bfe4890SSaksham Jain 				"rw console=ttyS0,115200 ramdisk_size=600000\';"
362bfe4890SSaksham Jain #endif
372bfe4890SSaksham Jain 
382bfe4890SSaksham Jain 
39bdc22074SAneesh Bansal #ifdef CONFIG_BOOTSCRIPT_KEY_HASH
40bdc22074SAneesh Bansal #define CONFIG_SECBOOT \
41bdc22074SAneesh Bansal 	"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
422bfe4890SSaksham Jain 	CONFIG_SET_BOOTARGS	\
43bdc22074SAneesh Bansal 	CONFIG_EXTRA_ENV	\
44bdc22074SAneesh Bansal 	"esbc_validate $bs_hdraddr " \
45bdc22074SAneesh Bansal 	  __stringify(CONFIG_BOOTSCRIPT_KEY_HASH)";" \
46bdc22074SAneesh Bansal 	"source $img_addr;"	\
47bdc22074SAneesh Bansal 	"esbc_halt\0"
48bdc22074SAneesh Bansal #else
49bdc22074SAneesh Bansal #define CONFIG_SECBOOT \
50bdc22074SAneesh Bansal 	"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
512bfe4890SSaksham Jain 	CONFIG_SET_BOOTARGS	\
52bdc22074SAneesh Bansal 	CONFIG_EXTRA_ENV	\
53bdc22074SAneesh Bansal 	"esbc_validate $bs_hdraddr;" \
54bdc22074SAneesh Bansal 	"source $img_addr;"	\
55bdc22074SAneesh Bansal 	"esbc_halt\0"
56bdc22074SAneesh Bansal #endif
57bdc22074SAneesh Bansal 
58bdc22074SAneesh Bansal #ifdef CONFIG_BOOTSCRIPT_COPY_RAM
59bdc22074SAneesh Bansal #define CONFIG_BS_COPY_ENV \
60bdc22074SAneesh Bansal 	"setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \
6169d4b48cSSumit Garg 	"setenv bs_hdr_device " __stringify(CONFIG_BS_HDR_ADDR_DEVICE)";" \
62bdc22074SAneesh Bansal 	"setenv bs_hdr_size " __stringify(CONFIG_BS_HDR_SIZE)";" \
63bdc22074SAneesh Bansal 	"setenv bs_ram " __stringify(CONFIG_BS_ADDR_RAM)";" \
6469d4b48cSSumit Garg 	"setenv bs_device " __stringify(CONFIG_BS_ADDR_DEVICE)";" \
65bdc22074SAneesh Bansal 	"setenv bs_size " __stringify(CONFIG_BS_SIZE)";"
66bdc22074SAneesh Bansal 
673f701cc5SSaksham Jain /* For secure boot flow, default environment used will be used */
68762f92a6SRuchika Gupta #if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_NAND_BOOT) || \
69762f92a6SRuchika Gupta 	defined(CONFIG_SD_BOOT)
70762f92a6SRuchika Gupta #if defined(CONFIG_RAMBOOT_NAND) || defined(CONFIG_NAND_BOOT)
71bdc22074SAneesh Bansal #define CONFIG_BS_COPY_CMD \
7269d4b48cSSumit Garg 	"nand read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
7369d4b48cSSumit Garg 	"nand read $bs_ram $bs_device $bs_size ;"
7469d4b48cSSumit Garg #elif defined(CONFIG_SD_BOOT)
753f701cc5SSaksham Jain #define CONFIG_BS_COPY_CMD \
7669d4b48cSSumit Garg 	"mmc read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
7769d4b48cSSumit Garg 	"mmc read $bs_ram $bs_device $bs_size ;"
78762f92a6SRuchika Gupta #endif
79762f92a6SRuchika Gupta #else
8069d4b48cSSumit Garg #define CONFIG_BS_COPY_CMD \
8169d4b48cSSumit Garg 	"cp.b $bs_hdr_device $bs_hdr_ram  $bs_hdr_size ;" \
8269d4b48cSSumit Garg 	"cp.b $bs_device $bs_ram  $bs_size ;"
83bdc22074SAneesh Bansal #endif
843f701cc5SSaksham Jain #endif /* CONFIG_BOOTSCRIPT_COPY_RAM */
85bdc22074SAneesh Bansal 
86bdc22074SAneesh Bansal #ifndef CONFIG_BS_COPY_ENV
87bdc22074SAneesh Bansal #define CONFIG_BS_COPY_ENV
88bdc22074SAneesh Bansal #endif
89bdc22074SAneesh Bansal 
90bdc22074SAneesh Bansal #ifndef CONFIG_BS_COPY_CMD
91bdc22074SAneesh Bansal #define CONFIG_BS_COPY_CMD
92bdc22074SAneesh Bansal #endif
93bdc22074SAneesh Bansal 
94bdc22074SAneesh Bansal #define CONFIG_CHAIN_BOOT_CMD	CONFIG_BS_COPY_ENV \
95bdc22074SAneesh Bansal 				CONFIG_BS_COPY_CMD \
96bdc22074SAneesh Bansal 				CONFIG_SECBOOT
97bdc22074SAneesh Bansal 
98bdc22074SAneesh Bansal #endif
99bdc22074SAneesh Bansal #endif
100