xref: /rk3399_rockchip-uboot/include/config_fsl_chain_trust.h (revision bdc22074c511def222f93d1a9d94ec95c462c062) 
1*bdc22074SAneesh Bansal /*
2*bdc22074SAneesh Bansal  * Copyright 2015 Freescale Semiconductor, Inc.
3*bdc22074SAneesh Bansal  *
4*bdc22074SAneesh Bansal  * SPDX-License-Identifier:	GPL-2.0+
5*bdc22074SAneesh Bansal  */
6*bdc22074SAneesh Bansal 
7*bdc22074SAneesh Bansal #ifndef __CONFIG_FSL_CHAIN_TRUST_H
8*bdc22074SAneesh Bansal #define __CONFIG_FSL_CHAIN_TRUST_H
9*bdc22074SAneesh Bansal 
10*bdc22074SAneesh Bansal /* For secure boot, since ENVIRONMENT in flash/external memories is
11*bdc22074SAneesh Bansal  * not verified, undef CONFIG_ENV_xxx and set default env
12*bdc22074SAneesh Bansal  * (CONFIG_ENV_IS_NOWHERE)
13*bdc22074SAneesh Bansal  */
14*bdc22074SAneesh Bansal #ifdef CONFIG_SECURE_BOOT
15*bdc22074SAneesh Bansal 
16*bdc22074SAneesh Bansal #undef CONFIG_ENV_IS_IN_EEPROM
17*bdc22074SAneesh Bansal #undef CONFIG_ENV_IS_IN_NAND
18*bdc22074SAneesh Bansal #undef CONFIG_ENV_IS_IN_MMC
19*bdc22074SAneesh Bansal #undef CONFIG_ENV_IS_IN_SPI_FLASH
20*bdc22074SAneesh Bansal #undef CONFIG_ENV_IS_IN_FLASH
21*bdc22074SAneesh Bansal 
22*bdc22074SAneesh Bansal #define CONFIG_ENV_IS_NOWHERE
23*bdc22074SAneesh Bansal 
24*bdc22074SAneesh Bansal #endif
25*bdc22074SAneesh Bansal 
26*bdc22074SAneesh Bansal #ifdef CONFIG_CHAIN_OF_TRUST
27*bdc22074SAneesh Bansal 
28*bdc22074SAneesh Bansal #ifndef CONFIG_EXTRA_ENV
29*bdc22074SAneesh Bansal #define CONFIG_EXTRA_ENV	""
30*bdc22074SAneesh Bansal #endif
31*bdc22074SAneesh Bansal 
32*bdc22074SAneesh Bansal /*
33*bdc22074SAneesh Bansal  * Control should not reach back to uboot after validation of images
34*bdc22074SAneesh Bansal  * for secure boot flow and therefore bootscript should have
35*bdc22074SAneesh Bansal  * the bootm command. If control reaches back to uboot anyhow
36*bdc22074SAneesh Bansal  * after validating images, core should just spin.
37*bdc22074SAneesh Bansal  */
38*bdc22074SAneesh Bansal 
39*bdc22074SAneesh Bansal /*
40*bdc22074SAneesh Bansal  * Define the key hash for boot script here if public/private key pair used to
41*bdc22074SAneesh Bansal  * sign bootscript are different from the SRK hash put in the fuse
42*bdc22074SAneesh Bansal  * Example of defining KEY_HASH is
43*bdc22074SAneesh Bansal  * #define CONFIG_BOOTSCRIPT_KEY_HASH \
44*bdc22074SAneesh Bansal  *	 "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
45*bdc22074SAneesh Bansal  */
46*bdc22074SAneesh Bansal 
47*bdc22074SAneesh Bansal #ifdef CONFIG_BOOTSCRIPT_KEY_HASH
48*bdc22074SAneesh Bansal #define CONFIG_SECBOOT \
49*bdc22074SAneesh Bansal 	"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
50*bdc22074SAneesh Bansal 	"setenv bootargs \'root=/dev/ram rw console=ttyS0,115200 "	\
51*bdc22074SAneesh Bansal 	"ramdisk_size=600000\';"	\
52*bdc22074SAneesh Bansal 	CONFIG_EXTRA_ENV	\
53*bdc22074SAneesh Bansal 	"esbc_validate $bs_hdraddr " \
54*bdc22074SAneesh Bansal 	  __stringify(CONFIG_BOOTSCRIPT_KEY_HASH)";" \
55*bdc22074SAneesh Bansal 	"source $img_addr;"	\
56*bdc22074SAneesh Bansal 	"esbc_halt\0"
57*bdc22074SAneesh Bansal #else
58*bdc22074SAneesh Bansal #define CONFIG_SECBOOT \
59*bdc22074SAneesh Bansal 	"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
60*bdc22074SAneesh Bansal 	"setenv bootargs \'root=/dev/ram rw console=ttyS0,115200 "	\
61*bdc22074SAneesh Bansal 	"ramdisk_size=600000\';"	\
62*bdc22074SAneesh Bansal 	CONFIG_EXTRA_ENV	\
63*bdc22074SAneesh Bansal 	"esbc_validate $bs_hdraddr;" \
64*bdc22074SAneesh Bansal 	"source $img_addr;"	\
65*bdc22074SAneesh Bansal 	"esbc_halt\0"
66*bdc22074SAneesh Bansal #endif
67*bdc22074SAneesh Bansal 
68*bdc22074SAneesh Bansal /* For secure boot flow, default environment used will be used */
69*bdc22074SAneesh Bansal #if defined(CONFIG_SYS_RAMBOOT)
70*bdc22074SAneesh Bansal #ifdef CONFIG_BOOTSCRIPT_COPY_RAM
71*bdc22074SAneesh Bansal #define CONFIG_BS_COPY_ENV \
72*bdc22074SAneesh Bansal 	"setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \
73*bdc22074SAneesh Bansal 	"setenv bs_hdr_flash " __stringify(CONFIG_BS_HDR_ADDR_FLASH)";" \
74*bdc22074SAneesh Bansal 	"setenv bs_hdr_size " __stringify(CONFIG_BS_HDR_SIZE)";" \
75*bdc22074SAneesh Bansal 	"setenv bs_ram " __stringify(CONFIG_BS_ADDR_RAM)";" \
76*bdc22074SAneesh Bansal 	"setenv bs_flash " __stringify(CONFIG_BS_ADDR_FLASH)";" \
77*bdc22074SAneesh Bansal 	"setenv bs_size " __stringify(CONFIG_BS_SIZE)";"
78*bdc22074SAneesh Bansal 
79*bdc22074SAneesh Bansal #if defined(CONFIG_RAMBOOT_NAND)
80*bdc22074SAneesh Bansal #define CONFIG_BS_COPY_CMD \
81*bdc22074SAneesh Bansal 	"nand read $bs_hdr_ram $bs_hdr_flash $bs_hdr_size ;" \
82*bdc22074SAneesh Bansal 	"nand read $bs_ram $bs_flash $bs_size ;"
83*bdc22074SAneesh Bansal #endif /* CONFIG_RAMBOOT_NAND */
84*bdc22074SAneesh Bansal #endif /* CONFIG_BOOTSCRIPT_COPY_RAM */
85*bdc22074SAneesh Bansal 
86*bdc22074SAneesh Bansal #endif
87*bdc22074SAneesh Bansal 
88*bdc22074SAneesh Bansal #ifndef CONFIG_BS_COPY_ENV
89*bdc22074SAneesh Bansal #define CONFIG_BS_COPY_ENV
90*bdc22074SAneesh Bansal #endif
91*bdc22074SAneesh Bansal 
92*bdc22074SAneesh Bansal #ifndef CONFIG_BS_COPY_CMD
93*bdc22074SAneesh Bansal #define CONFIG_BS_COPY_CMD
94*bdc22074SAneesh Bansal #endif
95*bdc22074SAneesh Bansal 
96*bdc22074SAneesh Bansal #define CONFIG_CHAIN_BOOT_CMD	CONFIG_BS_COPY_ENV \
97*bdc22074SAneesh Bansal 				CONFIG_BS_COPY_CMD \
98*bdc22074SAneesh Bansal 				CONFIG_SECBOOT
99*bdc22074SAneesh Bansal 
100*bdc22074SAneesh Bansal #endif
101*bdc22074SAneesh Bansal #endif
102