[U-Boot] [PATCH] arm64: ls2088ardb: Add distro secure boot support

Vini Pillai vinitha.pillai at nxp.com
Fri Aug 4 09:23:21 UTC 2017 


-----Original Message-----
From: York Sun 
Sent: Friday, July 28, 2017 10:38 PM
To: Vini Pillai <vinitha.pillai at nxp.com>; u-boot at lists.denx.de
Cc: Ruchika Gupta <ruchika.gupta at nxp.com>; Prabhakar Kushwaha <prabhakar.kushwaha at nxp.com>; Sumit Garg <sumit.garg at nxp.com>; Shengzhou Liu <shengzhou.liu at nxp.com>; Priyanka Jain <priyanka.jain at nxp.com>
Subject: Re: [PATCH] arm64: ls2088ardb: Add distro secure boot support

On 06/11/2017 09:16 PM, Vinitha Pillai-B57223 wrote:
> Enable validation of boot.scr script prior to its execution dependent 
> on "secureboot" flag in environment. Also enable "secureboot=y"
> flag in environment for ARM based platforms instead of bootcmd.
> 
> Signed-off-by: Vinitha Pillai <vinitha.pillai at nxp.com>
> Signed-off-by: Sumit Garg <sumit.garg at nxp.com>
> ---
> 
> This patch depends on the following patch:
> 
> https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpat
> chwork.ozlabs.org%2Fpatch%2F771211%2F&data=01%7C01%7Cyork.sun%40nxp.co
> m%7C55dc88c51ec742fae2cf08d4b149c191%7C686ea1d3bc2b4c6fa92cd99c5c30163
> 5%7C0&sdata=sWcsO%2FFpDClq73QjSjROyVYlAL6U6swULxUwu3DtedQ%3D&reserved=
> 0
> 
>   include/configs/ls2080ardb.h | 107 +++++++++++++++++++------------------------
>   1 file changed, 46 insertions(+), 61 deletions(-)
> 
> diff --git a/include/configs/ls2080ardb.h 
> b/include/configs/ls2080ardb.h index 5fb889f..20757af 100644
> --- a/include/configs/ls2080ardb.h
> +++ b/include/configs/ls2080ardb.h
> @@ -365,77 +365,37 @@ unsigned long get_board_sys_clk(void);
>   
>   #ifdef CONFIG_QSPI_BOOT
>   #define MC_INIT_CMD				\
> -	"mcinitcmd=sf probe 0:0;"		\
> -	"sf read 0x20a00000 0xA00000 0x100000;"	\
> -	"sf read 0x20e00000 0xE00000 0x100000;" \
> +	"mcinitcmd=env exists secureboot && "		\
> +	"esbc_validate 0x20700000 && "	\
> +	"esbc_validate 0x20740000;" \
>   	"fsl_mc start mc 0x20a00000 0x20e00000 \0"
>   #else
>   #define MC_INIT_CMD			\
> -	"mcinitcmd=fsl_mc start mc 0x580a00000" \
> -	" 0x580e00000 \0"
> +	"mcinitcmd=env exists secureboot && " \
> +	"esbc_validate 0x580700000 && "	\
> +	"esbc_validate 0x580740000; " \
> +	"fsl_mc start mc 0x580a00000 0x580e00000 \0"
>   #endif
>   

I have a lot of conflicts with this file. Looks like you have a patch adding MC_INIT_CMD. I will try to figure it out. Need you to test the code later.

York

Ok. Let me know when you want the testing to be done.

Vinitha

More information about the U-Boot mailing list