[U-Boot] [PATCH 6/7] enable chain of trust for PowerPC platforms
Aneesh Bansal
aneesh.bansal at freescale.com
Wed Dec 23 15:55:12 CET 2015
Chain of Trust is enabled for PowerPC platforms
for Secure Boot. CONFIG_BOARD_LATE_INIT is defined.
In board_late_init(), fsl_setenv_chain_of_trust() is called which
will perform the following:
- If boot mode is non-secure, return (No Change)
- If boot mode is secure, set the following environmet variables:
bootdelay = 0 (To disable Boot Prompt)
bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script)
Signed-off-by: Aneesh Bansal <aneesh.bansal at freescale.com>
---
arch/powerpc/cpu/mpc85xx/cpu_init.c | 12 ++++++++++++
arch/powerpc/include/asm/fsl_secure_boot.h | 7 +++++++
2 files changed, 19 insertions(+)
diff --git a/arch/powerpc/cpu/mpc85xx/cpu_init.c b/arch/powerpc/cpu/mpc85xx/cpu_init.c
index 13a7d0f..a02f6f5 100644
--- a/arch/powerpc/cpu/mpc85xx/cpu_init.c
+++ b/arch/powerpc/cpu/mpc85xx/cpu_init.c
@@ -26,6 +26,7 @@
#include <fsl_usb.h>
#include <hwconfig.h>
#include <linux/compiler.h>
+#include <fsl_validate.h>
#include "mp.h"
#ifdef CONFIG_FSL_CAAM
#include <fsl_sec.h>
@@ -1009,3 +1010,14 @@ void cpu_secondary_init_r(void)
qe_reset();
#endif
}
+
+#ifdef CONFIG_BOARD_LATE_INIT
+int board_late_init(void)
+{
+#ifdef CONFIG_CHAIN_OF_TRUST
+ fsl_setenv_chain_of_trust();
+#endif
+
+ return 0;
+}
+#endif
diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h
index b29246a..a4ea15c 100644
--- a/arch/powerpc/include/asm/fsl_secure_boot.h
+++ b/arch/powerpc/include/asm/fsl_secure_boot.h
@@ -13,6 +13,13 @@
#define CONFIG_CHAIN_OF_TRUST
#endif
+/* fsl_setenv_chain_of_trust() must be called from
+ * board_late_init()
+ */
+#ifndef CONFIG_BOARD_LATE_INIT
+#define CONFIG_BOARD_LATE_INIT
+#endif
+
#if defined(CONFIG_FSL_CORENET)
#define CONFIG_SYS_PBI_FLASH_BASE 0xc0000000
#elif defined(CONFIG_BSC9132QDS)
--
1.8.1.4
More information about the U-Boot
mailing list