summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPrabhakar Kushwaha <prabhakar.kushwaha@nxp.com>2017-09-04 07:09:12 (GMT)
committerPrabhakar Kushwaha <prabhakar.kushwaha@nxp.com>2017-09-04 07:09:12 (GMT)
commit8f2b375b6d059403529037151e4ca834bde23937 (patch)
treeb9c0e11522835d9089f0c5c24cb13cb37fe3fffe
parent7f1843cb87f2a9797bb3a24232c350987584531d (diff)
downloadu-boot-8f2b375b6d059403529037151e4ca834bde23937.tar.xz
arm64: ls1088ardb: Add distro secure boot support
Enable validation of boot.scr script prior to its execution dependent on "secureboot" flag in environment. Signed-off-by: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
-rw-r--r--configs/ls1088ardb_qspi_SECURE_BOOT_defconfig9
-rw-r--r--configs/ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig10
-rw-r--r--include/configs/ls1088ardb.h66
3 files changed, 53 insertions, 32 deletions
diff --git a/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig b/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig
index a14e343..c5d4f8a 100644
--- a/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig
+++ b/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig
@@ -27,6 +27,15 @@ CONFIG_DM_PCI=y
CONFIG_DM_PCI_COMPAT=y
CONFIG_PCIE_LAYERSCAPE=y
CONFIG_SYS_NS16550=y
+CONFIG_USB=y
+CONFIG_DISTRO_DEFAULTS=y
+CONFIG_USB_GADGET=y
+CONFIG_CMD_USB=y
+CONFIG_DM_USB=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_XHCI_DWC3=y
+CONFIG_USB_DWC3=y
+CONFIG_USB_STORAGE=y
CONFIG_FSL_DSPI=y
CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
# CONFIG_DISPLAY_BOARDINFO is not set
diff --git a/configs/ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig b/configs/ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig
index 2415722..f3dac27 100644
--- a/configs/ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig
+++ b/configs/ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig
@@ -34,6 +34,16 @@ CONFIG_FSL_DSPI=y
CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x8b0
CONFIG_FSL_LS_PPA=y
+CONFIG_USB=y
+CONFIG_USB_GADGET=y
+CONFIG_CMD_USB=y
+CONFIG_DM_USB=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_XHCI_DWC3=y
+CONFIG_USB_DWC3=y
+CONFIG_USB_STORAGE=y
+# CONFIG_DISPLAY_BOARDINFO is not set
+CONFIG_DISTRO_DEFAULTS=y
CONFIG_SPL_BUILD=y
CONFIG_PARTITIONS=y
CONFIG_RSA=y
diff --git a/include/configs/ls1088ardb.h b/include/configs/ls1088ardb.h
index 81dfcb6..7bd152d 100644
--- a/include/configs/ls1088ardb.h
+++ b/include/configs/ls1088ardb.h
@@ -307,36 +307,26 @@
#ifndef SPL_NO_ENV
/* Initial environment variables */
-#ifdef CONFIG_SECURE_BOOT
-#undef CONFIG_EXTRA_ENV_SETTINGS
-#define CONFIG_EXTRA_ENV_SETTINGS \
- "hwconfig=fsl_ddr:bank_intlv=auto\0" \
- "loadaddr=0x90100000\0" \
- "kernel_addr=0x100000\0" \
- "ramdisk_addr=0x800000\0" \
- "ramdisk_size=0x2000000\0" \
- "fdt_high=0xa0000000\0" \
- "initrd_high=0xffffffffffffffff\0" \
- "kernel_start=0x1000000\0" \
- "kernel_load=0xa0000000\0" \
- "kernel_size=0x2800000\0" \
- "mcinitcmd=sf probe 0:0;sf read 0xa0a00000 0xa00000 0x100000;" \
- "sf read 0xa0700000 0x700000 0x4000; esbc_validate 0xa0700000;" \
- "sf read 0xa0e00000 0xe00000 0x100000;" \
- "sf read 0xa0740000 0x740000 0x4000; esbc_validate 0xa0740000;" \
- "fsl_mc start mc 0xa0a00000 0xa0e00000\0" \
- "mcmemsize=0x70000000 \0"
-#else /* if !(CONFIG_SECURE_BOOT) */
#if defined(CONFIG_QSPI_BOOT)
#define MC_INIT_CMD \
"mcinitcmd=sf probe 0:0;sf read 0x80000000 0xA00000 0x100000;" \
"sf read 0x80100000 0xE00000 0x100000;" \
- "fsl_mc start mc 0x80000000 0x80100000\0" \
+ "env exists secureboot && " \
+ "sf read 0x80700000 0x700000 0x40000 && " \
+ "sf read 0x80740000 0x740000 0x40000 && " \
+ "esbc_validate 0x80700000 && " \
+ "esbc_validate 0x80740000 ;" \
+ "fsl_mc start mc 0x80000000 0x80100000\0" \
"mcmemsize=0x70000000\0"
#elif defined(CONFIG_SD_BOOT)
#define MC_INIT_CMD \
"mcinitcmd=mmcinfo;mmc read 0x80000000 0x5000 0x800;" \
"mmc read 0x80100000 0x7000 0x800;" \
+ "env exists secureboot && " \
+ "mmc read 0x80700000 0x3800 0x10 && " \
+ "mmc read 0x80740000 0x3A00 0x10 && " \
+ "esbc_validate 0x80700000 && " \
+ "esbc_validate 0x80740000 ;" \
"fsl_mc start mc 0x80000000 0x80100000\0" \
"mcmemsize=0x70000000\0"
#endif
@@ -352,6 +342,7 @@
"fdt_addr=0x64f00000\0" \
"kernel_addr=0x1000000\0" \
"kernel_addr_sd=0x8000\0" \
+ "kernelhdr_addr_sd=0x4000\0" \
"kernel_start=0x580100000\0" \
"kernelheader_start=0x580800000\0" \
"scriptaddr=0x80000000\0" \
@@ -365,6 +356,7 @@
"load_addr=0xa0000000\0" \
"kernel_size=0x2800000\0" \
"kernel_size_sd=0x14000\0" \
+ "kernelhdr_size_sd=0x10\0" \
MC_INIT_CMD \
BOOTENV \
"boot_scripts=ls1088ardb_boot.scr\0" \
@@ -402,32 +394,41 @@
"bootm $load_addr#ls1088ardb\0" \
"qspi_bootcmd=echo Trying load from qspi..;" \
"sf probe && sf read $load_addr " \
- "$kernel_addr $kernel_size &&" \
+ "$kernel_addr $kernel_size ; env exists secureboot " \
+ "&& sf read $kernelheader_addr_r $kernelheader_addr " \
+ "$kernelheader_size && esbc_validate ${kernelheader_addr_r}; " \
"bootm $load_addr#$BOARD\0" \
"sd_bootcmd=echo Trying load from sd card..;" \
"mmcinfo; mmc read $load_addr " \
"$kernel_addr_sd $kernel_size_sd ;" \
+ "env exists secureboot && mmc read $kernelheader_addr_r " \
+ "$kernelhdr_addr_sd $kernelhdr_size_sd " \
+ " && esbc_validate ${kernelheader_addr_r};" \
"bootm $load_addr#$BOARD\0"
#undef CONFIG_BOOTCOMMAND
#if defined(CONFIG_QSPI_BOOT)
/* Try to boot an on-QSPI kernel first, then do normal distro boot */
#define CONFIG_BOOTCOMMAND \
- "env exists mcinitcmd && run mcinitcmd && " \
"sf read 0x80200000 0xd00000 0x100000;" \
- " fsl_mc apply dpl 0x80200000;" \
- "run distro_bootcmd;run qspi_bootcmd"
+ "env exists mcinitcmd && env exists secureboot " \
+ " && sf read 0x80780000 0x780000 0x100000 " \
+ "&& esbc_validate 0x80780000;env exists mcinitcmd " \
+ "&& fsl_mc apply dpl 0x80200000;" \
+ "run distro_bootcmd;run qspi_bootcmd;" \
+ "env exists secureboot && esbc_halt;"
/* Try to boot an on-SD kernel first, then do normal distro boot */
#elif defined(CONFIG_SD_BOOT)
#define CONFIG_BOOTCOMMAND \
- "env exists mcinitcmd && run mcinitcmd ;" \
- "&& env exists mcinitcmd && mmcinfo; " \
- "mmc read 0x88000000 0x6800 0x800; " \
- "&& fsl_mc apply dpl 0x88000000;" \
- "run distro_bootcmd;run sd_bootcmd"
+ "env exists mcinitcmd && mmcinfo; " \
+ "mmc read 0x80200000 0x6800 0x800; " \
+ "env exists mcinitcmd && env exists secureboot " \
+ " && mmc read 0x80780000 0x3800 0x10 " \
+ "&& esbc_validate 0x80780000;env exists mcinitcmd " \
+ "&& fsl_mc apply dpl 0x80200000;" \
+ "run distro_bootcmd;run sd_bootcmd;" \
+ "env exists secureboot && esbc_halt;"
#endif
-#endif
-#endif /* CONFIG_SECURE_BOOT */
/* MAC/PHY configuration */
#ifdef CONFIG_FSL_MC_ENET
#define CONFIG_PHYLIB_10G
@@ -452,6 +453,7 @@
#define CONFIG_ETHPRIME "DPMAC1@xgmii"
#define CONFIG_PHY_GIGE
#endif
+#endif
/* USB */
#define CONFIG_HAS_FSL_XHCI_USB