[U-Boot] [PATCH 1/3] powerpc/p1010rdb: SECURE BOOT- define CONFIG_SYS_RAMBOOT for NAND boot

aneesh.bansal at freescale.com aneesh.bansal at freescale.com
Tue Jan 28 05:47:21 CET 2014 

I think I have caused some confusion when trying to explain. I will try and elaborate on it further. Please see inline.


> -----Original Message-----
> From: Wolfgang Denk [mailto:wd at denx.de]
> Sent: Monday, January 27, 2014 7:52 PM
> To: Bansal Aneesh-B39320
> Cc: Wood Scott-B07421; u-boot at lists.denx.de; Sun York-R58495
> Subject: Re: [U-Boot] [PATCH 1/3] powerpc/p1010rdb: SECURE BOOT- define
> CONFIG_SYS_RAMBOOT for NAND boot
> 
> Dear "aneesh.bansal at freescale.com",
> 
> In message
> <680c371d651d49a08b33ddd4d01fb3bd at DM2PR03MB415.namprd03.prod.outlook.com>
> you wrote:
> > >> In case of secure boot, boot from NAND is ramboot.
> > >> It was removed by some other commit. So defining it again.
> > >
> > >In case of not-secure-boot, it's not ramboot.
> > >
> > >What user of CONFIG_SYS_RAMBOOT are you concerned about?  Many of
> > >them look like this:
> > >
> > >#elif !defined(CONFIG_SYS_RAMBOOT) && defined(CONFIG_SECURE_BOOT)
> > >
> > >...which doesn't make sense if secure boot is always considered
> ramboot.

This code snippet is from the file start.S. This for the scenarios when
1.  We are NOT booting from RAM and 
2.  Secure booting is configured

i.e. the above case  is for secure Boot from NOR.

> > >
> > >-Scott
> >
> > CONFIG_SYS_RAMBOOT is for secure boot from NAND, SPI and SD.
> 
> This is a misuse of the variable.  The established meaning does NOT
> include booding from standard boot media like NAND, SPI and SD.  It
> refers to booting from RAM "directly", after the image has been placed
> into RAM by "external" means, say by a JTAG debugger, or by copying it to
> a PCI card's memory.
> 
> Please avoid such misleading usage.
> 
> Best regards,
> 
> Wolfgang Denk
> 
> --
> DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
> Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
> Time is a drug. Too much of it kills you.
>                                       - Terry Pratchett, _Small Gods_
> 

Sorry for the misleading statement. Yes, CONFIG_SYS_RAMBOOT is for booting from RAM directly and we have used it for the same purpose in the patch. Let me try and explain.

What I meant is that for P1010 like platforms  for normal (non-secure) boot in case of NAND, we don’t use the CONFIG_SYS_RAMBOOT as we don’t boot from RAM directly in this case. 

However in case of secure boot, even for NAND, we boot from RAM directly with boot ROM (ISBC) code copying the image from NAND to RAM. So in P1010RDB.h config file, for NAND Secure boot, we have defined CONFIG_RAMBOOT_NAND and then further are enabling CONFIG_SYS_RAMBOOT for the same.

#ifdef CONFIG_NAND_SECBOOT	/* NAND Boot */
#define CONFIG_RAMBOOT_NAND
.
.
.
#if defined(CONFIG_RAMBOOT_SDCARD) || defined(CONFIG_RAMBOOT_SPIFLASH) || \
	defined(CONFIG_RAMBOOT_NAND)
#define CONFIG_SYS_RAMBOOT

Regards,
Aneesh Bansal

More information about the U-Boot mailing list