xref: /rk3399_rockchip-uboot/include/config_fsl_chain_trust.h (revision 2be296538e2e9d2893dc495b3fc8f9f6acb1454c) 
1 /*
2  * Copyright 2015 Freescale Semiconductor, Inc.
3  *
4  * SPDX-License-Identifier:	GPL-2.0+
5  */
6 
7 #ifndef __CONFIG_FSL_CHAIN_TRUST_H
8 #define __CONFIG_FSL_CHAIN_TRUST_H
9 
10 /* For secure boot, since ENVIRONMENT in flash/external memories is
11  * not verified, undef CONFIG_ENV_xxx and set default env
12  * (CONFIG_ENV_IS_NOWHERE)
13  */
14 #ifdef CONFIG_SECURE_BOOT
15 
16 #undef CONFIG_ENV_IS_IN_EEPROM
17 #undef CONFIG_ENV_IS_IN_SPI_FLASH
18 #undef CONFIG_ENV_IS_IN_FLASH
19 
20 #endif
21 
22 #ifdef CONFIG_CHAIN_OF_TRUST
23 
24 #ifndef CONFIG_EXTRA_ENV
25 #define CONFIG_EXTRA_ENV	""
26 #endif
27 
28 /*
29  * Control should not reach back to uboot after validation of images
30  * for secure boot flow and therefore bootscript should have
31  * the bootm command. If control reaches back to uboot anyhow
32  * after validating images, core should just spin.
33  */
34 
35 /*
36  * Define the key hash for boot script here if public/private key pair used to
37  * sign bootscript are different from the SRK hash put in the fuse
38  * Example of defining KEY_HASH is
39  * #define CONFIG_BOOTSCRIPT_KEY_HASH \
40  *	 "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
41  */
42 
43 #ifdef CONFIG_BOOTARGS
44 #define CONFIG_SET_BOOTARGS	"setenv bootargs \'" CONFIG_BOOTARGS" \';"
45 #else
46 #define CONFIG_SET_BOOTARGS	"setenv bootargs \'root=/dev/ram "	\
47 				"rw console=ttyS0,115200 ramdisk_size=600000\';"
48 #endif
49 
50 
51 #ifdef CONFIG_BOOTSCRIPT_KEY_HASH
52 #define CONFIG_SECBOOT \
53 	"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
54 	CONFIG_SET_BOOTARGS	\
55 	CONFIG_EXTRA_ENV	\
56 	"esbc_validate $bs_hdraddr " \
57 	  __stringify(CONFIG_BOOTSCRIPT_KEY_HASH)";" \
58 	"source $img_addr;"	\
59 	"esbc_halt\0"
60 #else
61 #define CONFIG_SECBOOT \
62 	"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
63 	CONFIG_SET_BOOTARGS	\
64 	CONFIG_EXTRA_ENV	\
65 	"esbc_validate $bs_hdraddr;" \
66 	"source $img_addr;"	\
67 	"esbc_halt\0"
68 #endif
69 
70 #ifdef CONFIG_BOOTSCRIPT_COPY_RAM
71 #define CONFIG_BS_COPY_ENV \
72 	"setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \
73 	"setenv bs_hdr_device " __stringify(CONFIG_BS_HDR_ADDR_DEVICE)";" \
74 	"setenv bs_hdr_size " __stringify(CONFIG_BS_HDR_SIZE)";" \
75 	"setenv bs_ram " __stringify(CONFIG_BS_ADDR_RAM)";" \
76 	"setenv bs_device " __stringify(CONFIG_BS_ADDR_DEVICE)";" \
77 	"setenv bs_size " __stringify(CONFIG_BS_SIZE)";"
78 
79 /* For secure boot flow, default environment used will be used */
80 #if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_NAND_BOOT) || \
81 	defined(CONFIG_SD_BOOT)
82 #if defined(CONFIG_RAMBOOT_NAND) || defined(CONFIG_NAND_BOOT)
83 #define CONFIG_BS_COPY_CMD \
84 	"nand read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
85 	"nand read $bs_ram $bs_device $bs_size ;"
86 #elif defined(CONFIG_SD_BOOT)
87 #define CONFIG_BS_COPY_CMD \
88 	"mmc read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
89 	"mmc read $bs_ram $bs_device $bs_size ;"
90 #endif
91 #else
92 #define CONFIG_BS_COPY_CMD \
93 	"cp.b $bs_hdr_device $bs_hdr_ram  $bs_hdr_size ;" \
94 	"cp.b $bs_device $bs_ram  $bs_size ;"
95 #endif
96 #endif /* CONFIG_BOOTSCRIPT_COPY_RAM */
97 
98 #ifndef CONFIG_BS_COPY_ENV
99 #define CONFIG_BS_COPY_ENV
100 #endif
101 
102 #ifndef CONFIG_BS_COPY_CMD
103 #define CONFIG_BS_COPY_CMD
104 #endif
105 
106 #define CONFIG_CHAIN_BOOT_CMD	CONFIG_BS_COPY_ENV \
107 				CONFIG_BS_COPY_CMD \
108 				CONFIG_SECBOOT
109 
110 #endif
111 #endif
112