[U-Boot] [PATCH 3/4][v8] powerpc/mpc85xx: SECURE BOOT-Copy Boot Script on RAM
Aneesh Bansal
aneesh.bansal at freescale.com
Fri Jul 31 10:39:51 CEST 2015
For running Chain of Trust when doing Secure Boot from NAND,
the Bootscript header and bootscript must be copied from NAND
to RAM(DDR).
The addresses and commands for the same have been defined.
Signed-off-by: Aneesh Bansal <aneesh.bansal at freescale.com>
---
Changes in v8:
New Patchset Created
arch/powerpc/include/asm/fsl_secure_boot.h | 14 ++++++++++++++
include/config_fsl_secboot.h | 29 ++++++++++++++++++++++++++++-
include/configs/corenet_ds.h | 1 +
3 files changed, 43 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h
index cc33466..6e55716 100644
--- a/arch/powerpc/include/asm/fsl_secure_boot.h
+++ b/arch/powerpc/include/asm/fsl_secure_boot.h
@@ -73,6 +73,18 @@
#endif
#ifndef CONFIG_FIT_SIGNATURE
+/* If Boot Script is not on NOR and is required to be copied on RAM */
+#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
+#define CONFIG_BS_HDR_ADDR_RAM 0x00010000
+#define CONFIG_BS_HDR_ADDR_FLASH 0x00800000
+#define CONFIG_BS_HDR_SIZE 0x00002000
+#define CONFIG_BS_ADDR_RAM 0x00012000
+#define CONFIG_BS_ADDR_FLASH 0x00802000
+#define CONFIG_BS_SIZE 0x00001000
+
+#define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_RAM
+#else
+
/* The bootscript header address is different for B4860 because the NOR
* mapping is different on B4 due to reduced NOR size.
*/
@@ -88,6 +100,8 @@
#define CONFIG_BOOTSCRIPT_HDR_ADDR 0xee020000
#endif
+#endif
+
#include <config_fsl_secboot.h>
#endif
diff --git a/include/config_fsl_secboot.h b/include/config_fsl_secboot.h
index 050b157..fc6788a 100644
--- a/include/config_fsl_secboot.h
+++ b/include/config_fsl_secboot.h
@@ -55,6 +55,22 @@
/* For secure boot flow, default environment used will be used */
#if defined(CONFIG_SYS_RAMBOOT)
+#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
+#define CONFIG_BS_COPY_ENV \
+ "setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \
+ "setenv bs_hdr_flash " __stringify(CONFIG_BS_HDR_ADDR_FLASH)";" \
+ "setenv bs_hdr_size " __stringify(CONFIG_BS_HDR_SIZE)";" \
+ "setenv bs_ram " __stringify(CONFIG_BS_ADDR_RAM)";" \
+ "setenv bs_flash " __stringify(CONFIG_BS_ADDR_FLASH)";" \
+ "setenv bs_size " __stringify(CONFIG_BS_SIZE)";"
+
+#if defined(CONFIG_RAMBOOT_NAND)
+#define CONFIG_BS_COPY_CMD \
+ "nand read $bs_hdr_ram $bs_hdr_flash $bs_hdr_size ;" \
+ "nand read $bs_ram $bs_flash $bs_size ;"
+#endif /* CONFIG_RAMBOOT_NAND */
+#endif /* CONFIG_BOOTSCRIPT_COPY_RAM */
+
#if defined(CONFIG_RAMBOOT_SPIFLASH)
#undef CONFIG_ENV_IS_IN_SPI_FLASH
#elif defined(CONFIG_RAMBOOT_NAND)
@@ -68,6 +84,17 @@
#define CONFIG_ENV_IS_NOWHERE
+#ifndef CONFIG_BS_COPY_ENV
+#define CONFIG_BS_COPY_ENV
+#endif
+
+#ifndef CONFIG_BS_COPY_CMD
+#define CONFIG_BS_COPY_CMD
+#endif
+
+#define CONFIG_SECBOOT_CMD CONFIG_BS_COPY_ENV \
+ CONFIG_BS_COPY_CMD \
+ CONFIG_SECBOOT
/*
* We don't want boot delay for secure boot flow
* before autoboot starts
@@ -75,7 +102,7 @@
#undef CONFIG_BOOTDELAY
#define CONFIG_BOOTDELAY 0
#undef CONFIG_BOOTCOMMAND
-#define CONFIG_BOOTCOMMAND CONFIG_SECBOOT
+#define CONFIG_BOOTCOMMAND CONFIG_SECBOOT_CMD
/*
* CONFIG_ZERO_BOOTDELAY_CHECK should not be defined for
diff --git a/include/configs/corenet_ds.h b/include/configs/corenet_ds.h
index 7c8b73d..9aaa0f5 100644
--- a/include/configs/corenet_ds.h
+++ b/include/configs/corenet_ds.h
@@ -22,6 +22,7 @@
#ifdef CONFIG_NAND
#define CONFIG_RAMBOOT_NAND
#endif
+#define CONFIG_BOOTSCRIPT_COPY_RAM
#else
#define CONFIG_RAMBOOT_TEXT_BASE CONFIG_SYS_TEXT_BASE
#define CONFIG_RESET_VECTOR_ADDRESS 0xfffffffc
--
1.8.1.4
More information about the U-Boot
mailing list