[U-Boot] [PATCH v2 2/3] fsl: PPA: add support PPA image validation from NAND and SD
York Sun
york.sun at nxp.com
Fri Apr 21 19:33:01 UTC 2017
On 04/19/2017 05:16 AM, Sumit Garg wrote:
> Signed-off-by: Sumit Garg <sumit.garg at nxp.com>
> Signed-off-by: Udit Agarwal <udit.agarwal at nxp.com>
> Tested-by: Vinitha Pillai <vinitha.pillai at nxp.com>
> ---
>
> Changes in v2:
> Changed order of patch 1 & 2. Also moved assignment of ppa_esbc_hdr to
> CONFIG_SYS_LS_PPA_ESBC_ADDR in XIP space as it's not required in case of
> SD/NAND.
>
> arch/arm/cpu/armv8/fsl-layerscape/ppa.c | 72 ++++++++++++++++++++++++++++++++-
> 1 file changed, 70 insertions(+), 2 deletions(-)
>
<snip>
> #ifdef CONFIG_CHAIN_OF_TRUST
> ppa_img_addr = (uintptr_t)ppa_fit_addr;
> if (fsl_check_boot_mode_secure() != 0) {
> + /*
> + * In case of failure in validation, fsl_secboot_validate
> + * would not return back in case of Production environment
> + * with ITS=1. In Development environment (ITS=0 and
> + * SB_EN=1), the function may return back in case of
> + * non-fatal failures.
> + */
> ret = fsl_secboot_validate(ppa_esbc_hdr,
> PPA_KEY_HASH,
> &ppa_img_addr);
> @@ -185,6 +249,10 @@ int ppa_init(void)
> else
> printf("PPA validation Successful\n");
> }
> +#if defined(CONFIG_SYS_LS_PPA_FW_IN_MMC) || \
> + defined(CONFIG_SYS_LS_PPA_FW_IN_NAND)
> + free(ppa_hdr_ddr);
> +#endif
> #endif
>
> #ifdef CONFIG_FSL_LSCH3
>
Do we want to return from this function if any error happens with
CONFIG_CHAIN_OF_TRUST enabled?
York
More information about the U-Boot
mailing list