xref: /rk3399_rockchip-uboot/include/config_fsl_chain_trust.h (revision 3f701cc50a2e329e8437330bdd7316b48bd06cb8)
/*
 * Copyright 2015 Freescale Semiconductor, Inc.
 *
 * SPDX-License-Identifier:	GPL-2.0+
 */

#ifndef __CONFIG_FSL_CHAIN_TRUST_H
#define __CONFIG_FSL_CHAIN_TRUST_H
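/*
 * Secure boot: an environment stored in flash or other external memory is
 * not verified, so it must not be used. Drop the storage-backed
 * CONFIG_ENV_IS_IN_xxx selections and fall back to the built-in default
 * environment (CONFIG_ENV_IS_NOWHERE).
 *
 * NOTE(review): only the five backends listed below are removed; a board
 * that selects a different environment backend would keep it - confirm the
 * list covers every backend the including boards can enable.
 * NOTE(review): an #undef only affects definitions made before this point,
 * so this header presumably has to be included after the board's own
 * environment selection - confirm the include order.
 */
#ifdef CONFIG_SECURE_BOOT

#undef CONFIG_ENV_IS_IN_EEPROM
#undef CONFIG_ENV_IS_IN_NAND
#undef CONFIG_ENV_IS_IN_MMC
#undef CONFIG_ENV_IS_IN_SPI_FLASH
#undef CONFIG_ENV_IS_IN_FLASH

#define CONFIG_ENV_IS_NOWHERE

#endif /* CONFIG_SECURE_BOOT */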
#ifdef CONFIG_CHAIN_OF_TRUST
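/*
 * Optional extra commands that CONFIG_SECBOOT places in front of
 * esbc_validate, i.e. they run before the boot script has been validated.
 * Defaults to an empty string when the board does not provide any.
 */
#ifndef CONFIG_EXTRA_ENV
#define CONFIG_EXTRA_ENV	""
#endif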
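/*
 * Control should not reach back to U-Boot after validation of the images
 * in the secure boot flow, and therefore the boot script should contain
 * the bootm command. If control reaches back to U-Boot anyhow after the
 * images have been validated, the core should just spin; esbc_halt is the
 * last command of the sequence for that reason.
 *
 * NOTE(review): the commands are joined with ';', which the U-Boot shell
 * treats as an unconditional separator, so "source $img_addr" does not
 * depend on the exit status of esbc_validate. The sequence therefore relies
 * on esbc_validate not returning after a failed validation - confirm
 * against the command's implementation.
 * NOTE(review): img_addr is not assigned anywhere in this header;
 * presumably esbc_validate sets it - confirm.
 */

/*
 * Define the key hash for the boot script here if the public/private key
 * pair used to sign the boot script differs from the one behind the SRK
 * hash put in the fuses.
 * Example of defining KEY_HASH is
 * #define CONFIG_BOOTSCRIPT_KEY_HASH \
 *	 "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
 *
 * NOTE(review): with a quoted value as in the example, __stringify
 * presumably keeps the double quotes in the generated command - confirm
 * esbc_validate receives the bare hash.
 */

/*
 * Header-local helper: the esbc_validate invocation, with the explicit key
 * hash appended when one is configured. Keeping it separate means the
 * surrounding command sequence exists only once and cannot drift between
 * the two variants.
 */
#ifdef CONFIG_BOOTSCRIPT_KEY_HASH
#define SECBOOT_VALIDATE_CMD \
	"esbc_validate $bs_hdraddr " \
	  __stringify(CONFIG_BOOTSCRIPT_KEY_HASH)";"
#else
#define SECBOOT_VALIDATE_CMD \
	"esbc_validate $bs_hdraddr;"
#endif

/*
 * Secure-boot command sequence: record the boot script header address, set
 * bootargs, run the optional board commands, validate the boot script,
 * source it, and halt if control ever comes back. The trailing "\0" is an
 * explicit terminator embedded in the string.
 */
#define CONFIG_SECBOOT \
	"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
	"setenv bootargs \'root=/dev/ram rw console=ttyS0,115200 "	\
	"ramdisk_size=600000\';"	\
	CONFIG_EXTRA_ENV	\
	SECBOOT_VALIDATE_CMD	\
	"source $img_addr;"	\
	"esbc_halt\0"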
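/*
 * Optional copy of the boot script and its header into RAM.
 *
 * With CONFIG_BOOTSCRIPT_COPY_RAM set, CONFIG_BS_COPY_ENV stores the flash
 * and RAM addresses and the sizes in environment variables, and
 * CONFIG_BS_COPY_CMD is the command that performs the copy. Both fall back
 * to empty definitions at the end of this block.
 */
#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
#define CONFIG_BS_COPY_ENV \
	"setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \
	"setenv bs_hdr_flash " __stringify(CONFIG_BS_HDR_ADDR_FLASH)";" \
	"setenv bs_hdr_size " __stringify(CONFIG_BS_HDR_SIZE)";" \
	"setenv bs_ram " __stringify(CONFIG_BS_ADDR_RAM)";" \
	"setenv bs_flash " __stringify(CONFIG_BS_ADDR_FLASH)";" \
	"setenv bs_size " __stringify(CONFIG_BS_SIZE)";"

/*
 * For the secure boot flow, the default environment will be used.
 *
 * Copy command by boot medium: "nand read" for a NAND RAM boot, a plain
 * memory copy (cp.b) when not booting from RAM.
 *
 * NOTE(review): with CONFIG_SYS_RAMBOOT set but CONFIG_RAMBOOT_NAND unset,
 * no copy command is defined here, so the empty fallback below applies and
 * nothing is copied although CONFIG_BS_COPY_ENV is set - confirm this is
 * intended for the other RAM-boot media.
 */
#if defined(CONFIG_SYS_RAMBOOT)
#if defined(CONFIG_RAMBOOT_NAND)
#define CONFIG_BS_COPY_CMD \
	"nand read $bs_hdr_ram $bs_hdr_flash $bs_hdr_size ;" \
	"nand read $bs_ram $bs_flash $bs_size ;"
#endif /* CONFIG_RAMBOOT_NAND */
#else
#define CONFIG_BS_COPY_CMD \
	"cp.b $bs_hdr_flash $bs_hdr_ram  $bs_hdr_size ;" \
	"cp.b $bs_flash $bs_ram  $bs_size ;"
#endif
#endif /* CONFIG_BOOTSCRIPT_COPY_RAM */

/* Empty fallbacks so the combined boot command can always reference both. */
#ifndef CONFIG_BS_COPY_ENV
#define CONFIG_BS_COPY_ENV
#endif

#ifndef CONFIG_BS_COPY_CMD
#define CONFIG_BS_COPY_CMD
#endif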
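/*
 * Complete chain-of-trust boot command: set the copy variables, copy the
 * boot script (both parts may be empty), then run the secure-boot sequence
 * that validates and sources it.
 *
 * NOTE(review): the copy runs before validation, so esbc_validate should be
 * checking the RAM copy that is later sourced; that presumably requires
 * CONFIG_BOOTSCRIPT_HDR_ADDR to point at the RAM copy when copying is
 * enabled - confirm in the board configuration.
 */
#define CONFIG_CHAIN_BOOT_CMD	CONFIG_BS_COPY_ENV \
				CONFIG_BS_COPY_CMD \
				CONFIG_SECBOOT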
#endif
#endif