[U-Boot] [PATCH 17/17] controlcenterdc: Make secure boot available
Mario Six
mario.six at gdsys.cc
Wed Nov 23 16:12:35 CET 2016
Make secure booting available for the controlcenterdc board (disabled by
default).
Signed-off-by: Reinhard Pfau <reinhard.pfau at gdsys.cc>
Signed-off-by: Mario Six <mario.six at gdsys.cc>
---
board/gdsys/38x/Kconfig | 9 +++++++++
board/gdsys/38x/Makefile | 15 +++++++++++++++
board/gdsys/38x/kwbimage.cfg.in | 28 ++++++++++++++++++++++++++++
3 files changed, 52 insertions(+)
diff --git a/board/gdsys/38x/Kconfig b/board/gdsys/38x/Kconfig
index dd99ac5..5bd1856 100644
--- a/board/gdsys/38x/Kconfig
+++ b/board/gdsys/38x/Kconfig
@@ -39,4 +39,13 @@ config SYS_BOOTIMAGE_DEST_ADDR
endmenu
+config SECURED_MODE_IMAGE
+ bool "build image for secured mode"
+ default false
+
+config SECURED_MODE_CSK_INDEX
+ int "index of active CSK"
+ default 0
+ depends on SECURED_MODE_IMAGE
+
endif
diff --git a/board/gdsys/38x/Makefile b/board/gdsys/38x/Makefile
index 6d17196..2260cf4 100644
--- a/board/gdsys/38x/Makefile
+++ b/board/gdsys/38x/Makefile
@@ -20,6 +20,21 @@ endif
ifneq ($(CONFIG_SPL_BOOT_DEVICE_MMC),)
KWB_CFG_BOOT_FROM=sdio
endif
+
+ifneq ($(CONFIG_SECURED_MODE_IMAGE),)
+KWB_REPLACE += CSK_INDEX
+KWB_CFG_CSK_INDEX = $(CONFIG_SECURED_MODE_CSK_INDEX)
+
+KWB_REPLACE += SEC_BOOT_DEV
+KWB_CFG_SEC_BOOT_DEV=$(patsubst "%",%, \
+ $(if $(findstring BOOT_SPI_NOR_FLASH,$(CONFIG_SPL_BOOT_DEVICE)),0x34) \
+ $(if $(findstring BOOT_SDIO_MMC_CARD,$(CONFIG_SPL_BOOT_DEVICE)),0x31) \
+ )
+
+KWB_REPLACE += SEC_FUSE_DUMP
+KWB_CFG_SEC_FUSE_DUMP = a38x
+endif
+
endif
$(src)/kwbimage.cfg: $(src)/kwbimage.cfg.in include/autoconf.mk \
diff --git a/board/gdsys/38x/kwbimage.cfg.in b/board/gdsys/38x/kwbimage.cfg.in
index 72e67d7..ebb3d32 100644
--- a/board/gdsys/38x/kwbimage.cfg.in
+++ b/board/gdsys/38x/kwbimage.cfg.in
@@ -1,5 +1,6 @@
#
# Copyright (C) 2014 Stefan Roese <sr at denx.de>
+# Copyright (C) 2015-2016 Reinhard Pfau <reinhard.pfau at gdsys.cc>
#
# Armada 38x uses version 1 image format
@@ -10,3 +11,30 @@ VERSION 1
# Binary Header (bin_hdr) with DDR3 training code
BINARY spl/u-boot-spl.bin 0000005b 00000068
+
+# Name of KAK
+KAK kwb_kak
+
+# Name of (active) CSK
+CSK kwb_csk
+
+# BoxID
+BOX_ID 0x1
+
+# FlashID
+FLASH_ID 0x1
+
+# JTAG delay
+JTAG_DELAY 5
+
+# active CSK index
+#@CSK_INDEX
+
+# whether to encode box ID and flash ID into image
+#SEC_SPECIALIZED_IMG
+
+# secured mode boot device
+#@SEC_BOOT_DEV
+
+# secured mode: dump fuse commands
+#@SEC_FUSE_DUMP
--
2.9.0
More information about the U-Boot
mailing list