From 8f2b375b6d059403529037151e4ca834bde23937 Mon Sep 17 00:00:00 2001
From: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>
Date: Mon, 4 Sep 2017 12:39:12 +0530
Subject: arm64: ls1088ardb: Add distro secure boot support

Enable validation of boot.scr script prior to its execution dependent
on "secureboot" flag in environment.

Signed-off-by: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>

diff --git a/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig b/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig
index a14e343..c5d4f8a 100644
--- a/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig
+++ b/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig
@@ -27,6 +27,15 @@ CONFIG_DM_PCI=y
 CONFIG_DM_PCI_COMPAT=y
 CONFIG_PCIE_LAYERSCAPE=y
 CONFIG_SYS_NS16550=y
+CONFIG_USB=y
+CONFIG_DISTRO_DEFAULTS=y
+CONFIG_USB_GADGET=y
+CONFIG_CMD_USB=y
+CONFIG_DM_USB=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_XHCI_DWC3=y
+CONFIG_USB_DWC3=y
+CONFIG_USB_STORAGE=y
 CONFIG_FSL_DSPI=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
 # CONFIG_DISPLAY_BOARDINFO is not set
diff --git a/configs/ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig b/configs/ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig
index 2415722..f3dac27 100644
--- a/configs/ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig
+++ b/configs/ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig
@@ -34,6 +34,16 @@ CONFIG_FSL_DSPI=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x8b0
 CONFIG_FSL_LS_PPA=y
+CONFIG_USB=y
+CONFIG_USB_GADGET=y
+CONFIG_CMD_USB=y
+CONFIG_DM_USB=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_XHCI_DWC3=y
+CONFIG_USB_DWC3=y
+CONFIG_USB_STORAGE=y
+# CONFIG_DISPLAY_BOARDINFO is not set
+CONFIG_DISTRO_DEFAULTS=y
 CONFIG_SPL_BUILD=y
 CONFIG_PARTITIONS=y
 CONFIG_RSA=y
diff --git a/include/configs/ls1088ardb.h b/include/configs/ls1088ardb.h
index 81dfcb6..7bd152d 100644
--- a/include/configs/ls1088ardb.h
+++ b/include/configs/ls1088ardb.h
@@ -307,36 +307,26 @@
 
 #ifndef SPL_NO_ENV
 /* Initial environment variables */
-#ifdef CONFIG_SECURE_BOOT
-#undef CONFIG_EXTRA_ENV_SETTINGS
-#define CONFIG_EXTRA_ENV_SETTINGS		\
-	"hwconfig=fsl_ddr:bank_intlv=auto\0"	\
-	"loadaddr=0x90100000\0"			\
-	"kernel_addr=0x100000\0"		\
-	"ramdisk_addr=0x800000\0"		\
-	"ramdisk_size=0x2000000\0"		\
-	"fdt_high=0xa0000000\0"			\
-	"initrd_high=0xffffffffffffffff\0"	\
-	"kernel_start=0x1000000\0"		\
-	"kernel_load=0xa0000000\0"		\
-	"kernel_size=0x2800000\0"		\
-	"mcinitcmd=sf probe 0:0;sf read 0xa0a00000 0xa00000 0x100000;"	\
-	"sf read 0xa0700000 0x700000 0x4000; esbc_validate 0xa0700000;"	\
-	"sf read 0xa0e00000 0xe00000 0x100000;"	\
-	"sf read 0xa0740000 0x740000 0x4000; esbc_validate 0xa0740000;"	\
-	"fsl_mc start mc 0xa0a00000 0xa0e00000\0"	\
-	"mcmemsize=0x70000000 \0"
-#else /* if !(CONFIG_SECURE_BOOT) */
 #if defined(CONFIG_QSPI_BOOT)
 #define MC_INIT_CMD				\
 	"mcinitcmd=sf probe 0:0;sf read 0x80000000 0xA00000 0x100000;"	\
 	"sf read 0x80100000 0xE00000 0x100000;"				\
-	"fsl_mc start mc 0x80000000 0x80100000\0"			\
+	"env exists secureboot && "			\
+	"sf read 0x80700000 0x700000 0x40000 && "	\
+	"sf read 0x80740000 0x740000 0x40000 && "	\
+	"esbc_validate 0x80700000 && "			\
+	"esbc_validate 0x80740000 ;"			\
+	"fsl_mc start mc 0x80000000 0x80100000\0"	\
 	"mcmemsize=0x70000000\0"
 #elif defined(CONFIG_SD_BOOT)
 #define MC_INIT_CMD				\
 	"mcinitcmd=mmcinfo;mmc read 0x80000000 0x5000 0x800;"		\
 	"mmc read 0x80100000 0x7000 0x800;"				\
+	"env exists secureboot && "			\
+	"mmc read 0x80700000 0x3800 0x10 && "		\
+	"mmc read 0x80740000 0x3A00 0x10 && "		\
+	"esbc_validate 0x80700000 && "			\
+	"esbc_validate 0x80740000 ;"			\
 	"fsl_mc start mc 0x80000000 0x80100000\0"			\
 	"mcmemsize=0x70000000\0"
 #endif
@@ -352,6 +342,7 @@
 	"fdt_addr=0x64f00000\0"			\
 	"kernel_addr=0x1000000\0"		\
 	"kernel_addr_sd=0x8000\0"		\
+	"kernelhdr_addr_sd=0x4000\0"		\
 	"kernel_start=0x580100000\0"		\
 	"kernelheader_start=0x580800000\0"		\
 	"scriptaddr=0x80000000\0"		\
@@ -365,6 +356,7 @@
 	"load_addr=0xa0000000\0"		\
 	"kernel_size=0x2800000\0"		\
 	"kernel_size_sd=0x14000\0"		\
+	"kernelhdr_size_sd=0x10\0"		\
 	MC_INIT_CMD				\
 	BOOTENV					\
 	"boot_scripts=ls1088ardb_boot.scr\0"	\
@@ -402,32 +394,41 @@
 		"bootm $load_addr#ls1088ardb\0"			\
 	"qspi_bootcmd=echo Trying load from qspi..;"		\
 		"sf probe && sf read $load_addr "		\
-		"$kernel_addr $kernel_size &&"			\
+		"$kernel_addr $kernel_size ; env exists secureboot "	\
+		"&& sf read $kernelheader_addr_r $kernelheader_addr "	\
+		"$kernelheader_size && esbc_validate ${kernelheader_addr_r}; "	\
 		"bootm $load_addr#$BOARD\0"			\
 	"sd_bootcmd=echo Trying load from sd card..;"		\
 		"mmcinfo; mmc read $load_addr "			\
 		"$kernel_addr_sd $kernel_size_sd ;"		\
+		"env exists secureboot && mmc read $kernelheader_addr_r "		\
+		"$kernelhdr_addr_sd $kernelhdr_size_sd "		\
+		" && esbc_validate ${kernelheader_addr_r};"	\
 		"bootm $load_addr#$BOARD\0"
 
 #undef CONFIG_BOOTCOMMAND
 #if defined(CONFIG_QSPI_BOOT)
 /* Try to boot an on-QSPI kernel first, then do normal distro boot */
 #define CONFIG_BOOTCOMMAND                                      \
-			"env exists mcinitcmd && run mcinitcmd && "	\
 			"sf read 0x80200000 0xd00000 0x100000;"	\
-			" fsl_mc apply dpl 0x80200000;"		\
-			"run distro_bootcmd;run qspi_bootcmd"
+			"env exists mcinitcmd && env exists secureboot "	\
+			" && sf read 0x80780000 0x780000 0x100000 "	\
+			"&& esbc_validate 0x80780000;env exists mcinitcmd "	\
+			"&& fsl_mc apply dpl 0x80200000;"		\
+			"run distro_bootcmd;run qspi_bootcmd;"		\
+			"env exists secureboot && esbc_halt;"
 /* Try to boot an on-SD kernel first, then do normal distro boot */
 #elif defined(CONFIG_SD_BOOT)
 #define CONFIG_BOOTCOMMAND                                      \
-			"env exists mcinitcmd && run mcinitcmd ;"	\
-			"&& env exists mcinitcmd && mmcinfo; "		\
-			"mmc read 0x88000000 0x6800 0x800; "		\
-			"&& fsl_mc apply dpl 0x88000000;"		\
-			"run distro_bootcmd;run sd_bootcmd"
+			"env exists mcinitcmd && mmcinfo; "		\
+			"mmc read 0x80200000 0x6800 0x800; "		\
+			"env exists mcinitcmd && env exists secureboot "	\
+			" && mmc read 0x80780000 0x3800 0x10 "	\
+			"&& esbc_validate 0x80780000;env exists mcinitcmd "	\
+			"&& fsl_mc apply dpl 0x80200000;"		\
+			"run distro_bootcmd;run sd_bootcmd;"		\
+			"env exists secureboot && esbc_halt;"
 #endif
-#endif
-#endif /* CONFIG_SECURE_BOOT */
 /* MAC/PHY configuration */
 #ifdef CONFIG_FSL_MC_ENET
 #define CONFIG_PHYLIB_10G
@@ -452,6 +453,7 @@
 #define CONFIG_ETHPRIME		"DPMAC1@xgmii"
 #define CONFIG_PHY_GIGE
 #endif
+#endif
 
 /*  USB  */
 #define CONFIG_HAS_FSL_XHCI_USB
-- 
cgit v0.10.2