[U-Boot] [PATCH v3 6/7] enable chain of trust for PowerPC platforms

Ruchika Gupta ruchika.gupta at nxp.com
Wed Jan 27 13:02:33 CET 2016 


> -----Original Message-----
> From: Aneesh Bansal [mailto:aneesh.bansal at nxp.com]
> Sent: Friday, January 22, 2016 4:37 PM
> To: u-boot at lists.denx.de
> Cc: york sun <york.sun at nxp.com>; Ruchika Gupta
> <ruchika.gupta at nxp.com>; Prabhakar Kushwaha
> <prabhakar.kushwaha at nxp.com>; Aneesh Bansal
> <aneesh.bansal at nxp.com>
> Subject: [PATCH v3 6/7] enable chain of trust for PowerPC platforms
> 
> Chain of Trust is enabled for PowerPC platforms for Secure Boot.
> CONFIG_BOARD_LATE_INIT is defined.
> In board_late_init(), fsl_setenv_chain_of_trust() is called which will perform
> the following:
> - If boot mode is non-secure, return (No Change)
> - If boot mode is secure, set the following environmet variables:
>    bootdelay = 0 (To disable Boot Prompt)
>    bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script)
> 
> Signed-off-by: Aneesh Bansal <aneesh.bansal at nxp.com>
> ---
> Changes in v3:
> Protect the inclusion of file fsl_validate.h with macro
> CONFIG_CHAIN_OF_TRUST
> 
> Changes in v2:
> None (Changed the Sign-Off with New E-Mail ID)
> 
>  arch/powerpc/cpu/mpc85xx/cpu_init.c        | 14 ++++++++++++++
>  arch/powerpc/include/asm/fsl_secure_boot.h |  7 +++++++
>  2 files changed, 21 insertions(+)
> 
> diff --git a/arch/powerpc/cpu/mpc85xx/cpu_init.c
> b/arch/powerpc/cpu/mpc85xx/cpu_init.c
> index 50bb86a..a4dc140 100644
> --- a/arch/powerpc/cpu/mpc85xx/cpu_init.c
> +++ b/arch/powerpc/cpu/mpc85xx/cpu_init.c
> @@ -27,6 +27,9 @@
>  #include <hwconfig.h>
>  #include <linux/compiler.h>
>  #include "mp.h"
> +#ifdef CONFIG_CHAIN_OF_TRUST
> +#include <fsl_validate.h>
> +#endif
>  #ifdef CONFIG_FSL_CAAM
>  #include <fsl_sec.h>
>  #endif
> @@ -1011,3 +1014,14 @@ void cpu_secondary_init_r(void)
>  	qe_reset();
>  #endif
>  }
> +
> +#ifdef CONFIG_BOARD_LATE_INIT
> +int board_late_init(void)
> +{
> +#ifdef CONFIG_CHAIN_OF_TRUST
> +	fsl_setenv_chain_of_trust();
> +#endif
> +
> +	return 0;
> +}
> +#endif
> diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h
> b/arch/powerpc/include/asm/fsl_secure_boot.h
> index 41058d1..c45cace 100644
> --- a/arch/powerpc/include/asm/fsl_secure_boot.h
> +++ b/arch/powerpc/include/asm/fsl_secure_boot.h
> @@ -87,6 +87,13 @@
>  #define CONFIG_FSL_CAAM
>  #endif
> 
> +/* fsl_setenv_chain_of_trust() must be called from
> + * board_late_init()
> + */
> +#ifndef CONFIG_BOARD_LATE_INIT
> +#define CONFIG_BOARD_LATE_INIT
> +#endif
> +
>  /* If Boot Script is not on NOR and is required to be copied on RAM */  #ifdef
> CONFIG_BOOTSCRIPT_COPY_RAM
>  #define CONFIG_BS_HDR_ADDR_RAM		0x00010000
> --
> 1.8.1.4
Acked-by: Ruchika Gupta <ruchika.gupta at nxp.com>

More information about the U-Boot mailing list