[U-Boot] [PATCH v2 2/3] fsl: PPA: add support PPA image validation from NAND and SD

York Sun york.sun at nxp.com
Fri Apr 21 19:33:01 UTC 2017


On 04/19/2017 05:16 AM, Sumit Garg wrote:
> Signed-off-by: Sumit Garg <sumit.garg at nxp.com>
> Signed-off-by: Udit Agarwal <udit.agarwal at nxp.com>
> Tested-by: Vinitha Pillai <vinitha.pillai at nxp.com>
> ---
>
> Changes in v2:
> Changed order of patch 1 & 2. Also moved assignment of ppa_esbc_hdr to
> CONFIG_SYS_LS_PPA_ESBC_ADDR in XIP space as it's not required in case of
> SD/NAND.
>
>  arch/arm/cpu/armv8/fsl-layerscape/ppa.c | 72 ++++++++++++++++++++++++++++++++-
>  1 file changed, 70 insertions(+), 2 deletions(-)
>

<snip>

>  #ifdef CONFIG_CHAIN_OF_TRUST
>  	ppa_img_addr = (uintptr_t)ppa_fit_addr;
>  	if (fsl_check_boot_mode_secure() != 0) {
> +		/*
> +		 * In case of failure in validation, fsl_secboot_validate
> +		 * would not return back in case of Production environment
> +		 * with ITS=1. In Development environment (ITS=0 and
> +		 * SB_EN=1), the function may return back in case of
> +		 * non-fatal failures.
> +		 */
>  		ret = fsl_secboot_validate(ppa_esbc_hdr,
>  					   PPA_KEY_HASH,
>  					   &ppa_img_addr);
> @@ -185,6 +249,10 @@ int ppa_init(void)
>  		else
>  			printf("PPA validation Successful\n");
>  	}
> +#if defined(CONFIG_SYS_LS_PPA_FW_IN_MMC) || \
> +	defined(CONFIG_SYS_LS_PPA_FW_IN_NAND)
> +	free(ppa_hdr_ddr);
> +#endif
>  #endif
>
>  #ifdef CONFIG_FSL_LSCH3
>

Do we want to return from this function if any error happens with 
CONFIG_CHAIN_OF_TRUST enabled?

York


More information about the U-Boot mailing list