[U-Boot] [PATCH v2 5/7] enable chain of trust for ARM platforms

Aneesh Bansal aneesh.bansal at nxp.com
Fri Jan 22 10:32:26 CET 2016 

> -----Original Message-----
> From: york sun
> Sent: Friday, January 22, 2016 1:52 AM
> To: Aneesh Bansal <aneesh.bansal at nxp.com>; u-boot at lists.denx.de
> Cc: Ruchika Gupta <ruchika.gupta at nxp.com>; Prabhakar Kushwaha
> <prabhakar.kushwaha at nxp.com>
> Subject: Re: [PATCH v2 5/7] enable chain of trust for ARM platforms
> 
> On 01/17/2016 01:42 AM, Aneesh Bansal wrote:
> > Chain of Trust is enabled for ARM platforms (LS1021 and LS1043).
> > In board_late_init(), fsl_setenv_chain_of_trust() is called which will
> > perform the following:
> > - If boot mode is non-secure, return (No Change)
> > - If boot mode is secure, set the following environmet variables:
> >    bootdelay = 0 (To disable Boot Prompt)
> >    bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script)
> >
> > Signed-off-by: Aneesh Bansal <aneesh.bansal at nxp.com>
> > ---
> > Changes in v2:
> > Defconfigs for Secure Boot Target are not removed
> >
> >  arch/arm/cpu/armv8/fsl-layerscape/soc.c     |  4 ++++
> >  board/freescale/common/Makefile             |  1 +
> >  board/freescale/common/fsl_chain_of_trust.c | 17 +++++++++++++++++
> >  board/freescale/ls1021aqds/ls1021aqds.c     |  4 ++++
> >  board/freescale/ls1021atwr/ls1021atwr.c     |  4 ++++
> >  include/fsl_validate.h                      |  2 ++
> >  6 files changed, 32 insertions(+)
> >
> > diff --git a/arch/arm/cpu/armv8/fsl-layerscape/soc.c
> > b/arch/arm/cpu/armv8/fsl-layerscape/soc.c
> > index 23d6b73..2f92b55 100644
> > --- a/arch/arm/cpu/armv8/fsl-layerscape/soc.c
> > +++ b/arch/arm/cpu/armv8/fsl-layerscape/soc.c
> > @@ -12,6 +12,7 @@
> >  #include <asm/io.h>
> >  #include <asm/global_data.h>
> >  #include <asm/arch-fsl-layerscape/config.h>
> > +#include <fsl_validate.h>
> 
> Does this patch depend on other patches? It causes compiling error for fsl_sec.h on ls2
> boards.
> 
> error: #error Neither CONFIG_SYS_FSL_SEC_LE nor CONFIG_SYS_FSL_SEC_BE
> is defined
> 
> York 
I have patches for LS2 to be sent on top of this patchset. I will submit a new rev of the patch in which
inclusion of <fsl_validate.h> is protected by CONFIG_CHAIN_OF_TRUST.
When we add chain of trust support for LS2, CONFIG_SYS_FSL_SEC_LE will also be defined.

Aneesh

More information about the U-Boot mailing list