xref: /rk3399_rockchip-uboot/include/config_fsl_chain_trust.h (revision f0bc2b542beef7636ea4e846fa75cd88d88c82cf) 
1 /*
2  * Copyright 2015 Freescale Semiconductor, Inc.
3  *
4  * SPDX-License-Identifier:	GPL-2.0+
5  */
6 
7 #ifndef __CONFIG_FSL_CHAIN_TRUST_H
8 #define __CONFIG_FSL_CHAIN_TRUST_H
9 
10 /* For secure boot, since ENVIRONMENT in flash/external memories is
11  * not verified, undef CONFIG_ENV_xxx and set default env
12  * (CONFIG_ENV_IS_NOWHERE)
13  */
14 #ifdef CONFIG_SECURE_BOOT
15 
16 #undef CONFIG_ENV_IS_IN_SPI_FLASH
17 
18 #endif
19 
20 #ifdef CONFIG_CHAIN_OF_TRUST
21 
22 #ifndef CONFIG_EXTRA_ENV
23 #define CONFIG_EXTRA_ENV	""
24 #endif
25 
26 /*
27  * Control should not reach back to uboot after validation of images
28  * for secure boot flow and therefore bootscript should have
29  * the bootm command. If control reaches back to uboot anyhow
30  * after validating images, core should just spin.
31  */
32 
33 /*
34  * Define the key hash for boot script here if public/private key pair used to
35  * sign bootscript are different from the SRK hash put in the fuse
36  * Example of defining KEY_HASH is
37  * #define CONFIG_BOOTSCRIPT_KEY_HASH \
38  *	 "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
39  */
40 
41 #ifdef CONFIG_BOOTARGS
42 #define CONFIG_SET_BOOTARGS	"setenv bootargs \'" CONFIG_BOOTARGS" \';"
43 #else
44 #define CONFIG_SET_BOOTARGS	"setenv bootargs \'root=/dev/ram "	\
45 				"rw console=ttyS0,115200 ramdisk_size=600000\';"
46 #endif
47 
48 
49 #ifdef CONFIG_BOOTSCRIPT_KEY_HASH
50 #define CONFIG_SECBOOT \
51 	"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
52 	CONFIG_SET_BOOTARGS	\
53 	CONFIG_EXTRA_ENV	\
54 	"esbc_validate $bs_hdraddr " \
55 	  __stringify(CONFIG_BOOTSCRIPT_KEY_HASH)";" \
56 	"source $img_addr;"	\
57 	"esbc_halt\0"
58 #else
59 #define CONFIG_SECBOOT \
60 	"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
61 	CONFIG_SET_BOOTARGS	\
62 	CONFIG_EXTRA_ENV	\
63 	"esbc_validate $bs_hdraddr;" \
64 	"source $img_addr;"	\
65 	"esbc_halt\0"
66 #endif
67 
68 #ifdef CONFIG_BOOTSCRIPT_COPY_RAM
69 #define CONFIG_BS_COPY_ENV \
70 	"setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \
71 	"setenv bs_hdr_device " __stringify(CONFIG_BS_HDR_ADDR_DEVICE)";" \
72 	"setenv bs_hdr_size " __stringify(CONFIG_BS_HDR_SIZE)";" \
73 	"setenv bs_ram " __stringify(CONFIG_BS_ADDR_RAM)";" \
74 	"setenv bs_device " __stringify(CONFIG_BS_ADDR_DEVICE)";" \
75 	"setenv bs_size " __stringify(CONFIG_BS_SIZE)";"
76 
77 /* For secure boot flow, default environment used will be used */
78 #if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_NAND_BOOT) || \
79 	defined(CONFIG_SD_BOOT)
80 #if defined(CONFIG_RAMBOOT_NAND) || defined(CONFIG_NAND_BOOT)
81 #define CONFIG_BS_COPY_CMD \
82 	"nand read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
83 	"nand read $bs_ram $bs_device $bs_size ;"
84 #elif defined(CONFIG_SD_BOOT)
85 #define CONFIG_BS_COPY_CMD \
86 	"mmc read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
87 	"mmc read $bs_ram $bs_device $bs_size ;"
88 #endif
89 #else
90 #define CONFIG_BS_COPY_CMD \
91 	"cp.b $bs_hdr_device $bs_hdr_ram  $bs_hdr_size ;" \
92 	"cp.b $bs_device $bs_ram  $bs_size ;"
93 #endif
94 #endif /* CONFIG_BOOTSCRIPT_COPY_RAM */
95 
96 #ifndef CONFIG_BS_COPY_ENV
97 #define CONFIG_BS_COPY_ENV
98 #endif
99 
100 #ifndef CONFIG_BS_COPY_CMD
101 #define CONFIG_BS_COPY_CMD
102 #endif
103 
104 #define CONFIG_CHAIN_BOOT_CMD	CONFIG_BS_COPY_ENV \
105 				CONFIG_BS_COPY_CMD \
106 				CONFIG_SECBOOT
107 
108 #endif
109 #endif
110