1bdc22074SAneesh Bansal /* 2bdc22074SAneesh Bansal * Copyright 2015 Freescale Semiconductor, Inc. 3bdc22074SAneesh Bansal * 4bdc22074SAneesh Bansal * SPDX-License-Identifier: GPL-2.0+ 5bdc22074SAneesh Bansal */ 6bdc22074SAneesh Bansal 7bdc22074SAneesh Bansal #ifndef __CONFIG_FSL_CHAIN_TRUST_H 8bdc22074SAneesh Bansal #define __CONFIG_FSL_CHAIN_TRUST_H 9bdc22074SAneesh Bansal 10bdc22074SAneesh Bansal /* For secure boot, since ENVIRONMENT in flash/external memories is 11bdc22074SAneesh Bansal * not verified, undef CONFIG_ENV_xxx and set default env 12bdc22074SAneesh Bansal * (CONFIG_ENV_IS_NOWHERE) 13bdc22074SAneesh Bansal */ 14bdc22074SAneesh Bansal #ifdef CONFIG_SECURE_BOOT 15bdc22074SAneesh Bansal 16bdc22074SAneesh Bansal #undef CONFIG_ENV_IS_IN_EEPROM 17bdc22074SAneesh Bansal #undef CONFIG_ENV_IS_IN_NAND 18bdc22074SAneesh Bansal #undef CONFIG_ENV_IS_IN_MMC 19bdc22074SAneesh Bansal #undef CONFIG_ENV_IS_IN_SPI_FLASH 20bdc22074SAneesh Bansal #undef CONFIG_ENV_IS_IN_FLASH 21bdc22074SAneesh Bansal 22bdc22074SAneesh Bansal #define CONFIG_ENV_IS_NOWHERE 23bdc22074SAneesh Bansal 24bdc22074SAneesh Bansal #endif 25bdc22074SAneesh Bansal 26bdc22074SAneesh Bansal #ifdef CONFIG_CHAIN_OF_TRUST 27bdc22074SAneesh Bansal 28bdc22074SAneesh Bansal #ifndef CONFIG_EXTRA_ENV 29bdc22074SAneesh Bansal #define CONFIG_EXTRA_ENV "" 30bdc22074SAneesh Bansal #endif 31bdc22074SAneesh Bansal 32bdc22074SAneesh Bansal /* 33bdc22074SAneesh Bansal * Control should not reach back to uboot after validation of images 34bdc22074SAneesh Bansal * for secure boot flow and therefore bootscript should have 35bdc22074SAneesh Bansal * the bootm command. If control reaches back to uboot anyhow 36bdc22074SAneesh Bansal * after validating images, core should just spin. 37bdc22074SAneesh Bansal */ 38bdc22074SAneesh Bansal 39bdc22074SAneesh Bansal /* 40bdc22074SAneesh Bansal * Define the key hash for boot script here if public/private key pair used to 41bdc22074SAneesh Bansal * sign bootscript are different from the SRK hash put in the fuse 42bdc22074SAneesh Bansal * Example of defining KEY_HASH is 43bdc22074SAneesh Bansal * #define CONFIG_BOOTSCRIPT_KEY_HASH \ 44bdc22074SAneesh Bansal * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b" 45bdc22074SAneesh Bansal */ 46bdc22074SAneesh Bansal 472bfe4890SSaksham Jain #ifdef CONFIG_BOOTARGS 482bfe4890SSaksham Jain #define CONFIG_SET_BOOTARGS "setenv bootargs \'" CONFIG_BOOTARGS" \';" 492bfe4890SSaksham Jain #else 502bfe4890SSaksham Jain #define CONFIG_SET_BOOTARGS "setenv bootargs \'root=/dev/ram " \ 512bfe4890SSaksham Jain "rw console=ttyS0,115200 ramdisk_size=600000\';" 522bfe4890SSaksham Jain #endif 532bfe4890SSaksham Jain 542bfe4890SSaksham Jain 55bdc22074SAneesh Bansal #ifdef CONFIG_BOOTSCRIPT_KEY_HASH 56bdc22074SAneesh Bansal #define CONFIG_SECBOOT \ 57bdc22074SAneesh Bansal "setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \ 582bfe4890SSaksham Jain CONFIG_SET_BOOTARGS \ 59bdc22074SAneesh Bansal CONFIG_EXTRA_ENV \ 60bdc22074SAneesh Bansal "esbc_validate $bs_hdraddr " \ 61bdc22074SAneesh Bansal __stringify(CONFIG_BOOTSCRIPT_KEY_HASH)";" \ 62bdc22074SAneesh Bansal "source $img_addr;" \ 63bdc22074SAneesh Bansal "esbc_halt\0" 64bdc22074SAneesh Bansal #else 65bdc22074SAneesh Bansal #define CONFIG_SECBOOT \ 66bdc22074SAneesh Bansal "setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \ 672bfe4890SSaksham Jain CONFIG_SET_BOOTARGS \ 68bdc22074SAneesh Bansal CONFIG_EXTRA_ENV \ 69bdc22074SAneesh Bansal "esbc_validate $bs_hdraddr;" \ 70bdc22074SAneesh Bansal "source $img_addr;" \ 71bdc22074SAneesh Bansal "esbc_halt\0" 72bdc22074SAneesh Bansal #endif 73bdc22074SAneesh Bansal 74bdc22074SAneesh Bansal #ifdef CONFIG_BOOTSCRIPT_COPY_RAM 75bdc22074SAneesh Bansal #define CONFIG_BS_COPY_ENV \ 76bdc22074SAneesh Bansal "setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \ 7769d4b48cSSumit Garg "setenv bs_hdr_device " __stringify(CONFIG_BS_HDR_ADDR_DEVICE)";" \ 78bdc22074SAneesh Bansal "setenv bs_hdr_size " __stringify(CONFIG_BS_HDR_SIZE)";" \ 79bdc22074SAneesh Bansal "setenv bs_ram " __stringify(CONFIG_BS_ADDR_RAM)";" \ 8069d4b48cSSumit Garg "setenv bs_device " __stringify(CONFIG_BS_ADDR_DEVICE)";" \ 81bdc22074SAneesh Bansal "setenv bs_size " __stringify(CONFIG_BS_SIZE)";" 82bdc22074SAneesh Bansal 833f701cc5SSaksham Jain /* For secure boot flow, default environment used will be used */ 84*762f92a6SRuchika Gupta #if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_NAND_BOOT) || \ 85*762f92a6SRuchika Gupta defined(CONFIG_SD_BOOT) 86*762f92a6SRuchika Gupta #if defined(CONFIG_RAMBOOT_NAND) || defined(CONFIG_NAND_BOOT) 87bdc22074SAneesh Bansal #define CONFIG_BS_COPY_CMD \ 8869d4b48cSSumit Garg "nand read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \ 8969d4b48cSSumit Garg "nand read $bs_ram $bs_device $bs_size ;" 9069d4b48cSSumit Garg #elif defined(CONFIG_SD_BOOT) 913f701cc5SSaksham Jain #define CONFIG_BS_COPY_CMD \ 9269d4b48cSSumit Garg "mmc read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \ 9369d4b48cSSumit Garg "mmc read $bs_ram $bs_device $bs_size ;" 94*762f92a6SRuchika Gupta #endif 95*762f92a6SRuchika Gupta #else 9669d4b48cSSumit Garg #define CONFIG_BS_COPY_CMD \ 9769d4b48cSSumit Garg "cp.b $bs_hdr_device $bs_hdr_ram $bs_hdr_size ;" \ 9869d4b48cSSumit Garg "cp.b $bs_device $bs_ram $bs_size ;" 99bdc22074SAneesh Bansal #endif 1003f701cc5SSaksham Jain #endif /* CONFIG_BOOTSCRIPT_COPY_RAM */ 101bdc22074SAneesh Bansal 102bdc22074SAneesh Bansal #ifndef CONFIG_BS_COPY_ENV 103bdc22074SAneesh Bansal #define CONFIG_BS_COPY_ENV 104bdc22074SAneesh Bansal #endif 105bdc22074SAneesh Bansal 106bdc22074SAneesh Bansal #ifndef CONFIG_BS_COPY_CMD 107bdc22074SAneesh Bansal #define CONFIG_BS_COPY_CMD 108bdc22074SAneesh Bansal #endif 109bdc22074SAneesh Bansal 110bdc22074SAneesh Bansal #define CONFIG_CHAIN_BOOT_CMD CONFIG_BS_COPY_ENV \ 111bdc22074SAneesh Bansal CONFIG_BS_COPY_CMD \ 112bdc22074SAneesh Bansal CONFIG_SECBOOT 113bdc22074SAneesh Bansal 114bdc22074SAneesh Bansal #endif 115bdc22074SAneesh Bansal #endif 116