[U-Boot] [PATCH] SECURE BOOT: Add fall back option
Vinitha Pillai-B57223
vinitha.pillai at nxp.com
Mon Nov 20 06:47:01 UTC 2017
Add nor/sd/qspi fall back option for LS1043, LS1046, LS1021
Signed-off-by: Vinitha Pillai-B57223 <vinitha.pillai at nxp.com>
This patch depends on the following patches
https://patchwork.ozlabs.org/patch/836267/
https://patchwork.ozlabs.org/patch/836264/
https://patchwork.ozlabs.org/patch/836265/
---
include/configs/ls1021atwr.h | 33 ++++++++++++++++++++++++---------
include/configs/ls1043a_common.h | 31 ++++++++++++++++++++++---------
include/configs/ls1046a_common.h | 12 +++++++++++-
include/configs/ls1046ardb.h | 8 ++++----
4 files changed, 61 insertions(+), 23 deletions(-)
diff --git a/include/configs/ls1021atwr.h b/include/configs/ls1021atwr.h
index 5be61ad..3db7ef1 100644
--- a/include/configs/ls1021atwr.h
+++ b/include/configs/ls1021atwr.h
@@ -420,16 +420,22 @@
"initrd_high=0xffffffff\0" \
"fdt_high=0xffffffff\0" \
"fdt_addr=0x64f00000\0" \
- "kernel_addr=0x65000000\0" \
+ "kernel_addr=0x61000000\0" \
+ "kernelheader_addr=0x60800000\0" \
"scriptaddr=0x80000000\0" \
"scripthdraddr=0x80080000\0" \
"fdtheader_addr_r=0x80100000\0" \
"kernelheader_addr_r=0x80200000\0" \
"kernel_addr_r=0x81000000\0" \
+ "kernelheader_size=0x40000\0" \
"fdt_addr_r=0x90000000\0" \
"ramdisk_addr_r=0xa0000000\0" \
"load_addr=0xa0000000\0" \
"kernel_size=0x2800000\0" \
+ "kernel_addr_sd=0x8000\0" \
+ "kernel_size_sd=0x14000\0" \
+ "kernelhdr_addr_sd=0x4000\0" \
+ "kernelhdr_size_sd=0x10\0" \
BOOTENV \
"boot_scripts=ls1021atwr_boot.scr\0" \
"boot_script_hdr=hdr_ls1021atwr_bs.out\0" \
@@ -460,26 +466,35 @@
"source ${scriptaddr}\0" \
"qspi_bootcmd=echo Trying load from qspi..;" \
"sf probe && sf read $load_addr " \
- "$kernel_addr $kernel_size && bootm $load_addr#$board\0" \
+ "$kernel_addr $kernel_size; env exists secureboot " \
+ "&& sf read $kernelheader_addr_r $kernelheader_addr " \
+ "$kernelheader_size && esbc_validate ${kernelheader_addr_r}; " \
+ "bootm $load_addr#$board\0" \
"nor_bootcmd=echo Trying load from nor..;" \
"cp.b $kernel_addr $load_addr " \
- "$kernel_size && bootm $load_addr#$board\0" \
+ "$kernel_size; env exists secureboot " \
+ "&& cp.b $kernelheader_addr $kernelheader_addr_r " \
+ "$kernelheader_size && esbc_validate ${kernelheader_addr_r}; " \
+ "bootm $load_addr#$board\0" \
"sd_bootcmd=echo Trying load from SD ..;" \
"mmcinfo && mmc read $load_addr " \
"$kernel_addr_sd $kernel_size_sd && " \
+ "env exists secureboot && mmc read $kernelheader_addr_r " \
+ "$kernelhdr_addr_sd $kernelhdr_size_sd " \
+ " && esbc_validate ${kernelheader_addr_r};" \
"bootm $load_addr#$board\0"
#endif
#undef CONFIG_BOOTCOMMAND
#if defined(CONFIG_QSPI_BOOT) || defined(CONFIG_SD_BOOT_QSPI)
-#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" \
- "&& esbc_halt; run qspi_bootcmd;"
+#define CONFIG_BOOTCOMMAND "run distro_bootcmd; run qspi_bootcmd" \
+ "env exists secureboot && esbc_halt"
#elif defined(CONFIG_SD_BOOT)
-#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" \
- "&& esbc_halt; run sd_bootcmd;"
+#define CONFIG_BOOTCOMMAND "run distro_bootcmd; run sd_bootcmd; " \
+ "env exists secureboot && esbc_halt;"
#else
-#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" \
- "&& esbc_halt; run nor_bootcmd;"
+#define CONFIG_BOOTCOMMAND "run distro_bootcmd; run nor_bootcmd;" \
+ "env exists secureboot && esbc_halt;"
#endif
/*
diff --git a/include/configs/ls1043a_common.h b/include/configs/ls1043a_common.h
index f0176d9..aa97b07 100644
--- a/include/configs/ls1043a_common.h
+++ b/include/configs/ls1043a_common.h
@@ -252,7 +252,7 @@
"fdt_high=0xffffffffffffffff\0" \
"initrd_high=0xffffffffffffffff\0" \
"fdt_addr=0x64f00000\0" \
- "kernel_addr=0x65000000\0" \
+ "kernel_addr=0x61000000\0" \
"scriptaddr=0x80000000\0" \
"scripthdraddr=0x80080000\0" \
"fdtheader_addr_r=0x80100000\0" \
@@ -260,9 +260,13 @@
"kernel_addr_r=0x81000000\0" \
"fdt_addr_r=0x90000000\0" \
"load_addr=0xa0000000\0" \
+ "kernelheader_addr=0x60800000\0" \
"kernel_size=0x2800000\0" \
+ "kernelheader_size=0x40000\0" \
"kernel_addr_sd=0x8000\0" \
"kernel_size_sd=0x14000\0" \
+ "kernelhdr_addr_sd=0x4000\0" \
+ "kernelhdr_size_sd=0x10\0" \
"console=ttyS0,115200\0" \
"boot_os=y\0" \
"mtdparts=" CONFIG_MTDPARTS_DEFAULT "\0" \
@@ -295,26 +299,35 @@
"source ${scriptaddr}\0" \
"qspi_bootcmd=echo Trying load from qspi..;" \
"sf probe && sf read $load_addr " \
- "$kernel_addr $kernel_size && bootm $load_addr#$board\0" \
+ "$kernel_addr $kernel_size; env exists secureboot " \
+ "&& sf read $kernelheader_addr_r $kernelheader_addr " \
+ "$kernelheader_size && esbc_validate ${kernelheader_addr_r}; " \
+ "bootm $load_addr#$board\0" \
"nor_bootcmd=echo Trying load from nor..;" \
"cp.b $kernel_addr $load_addr " \
- "$kernel_size && bootm $load_addr#$board\0" \
+ "$kernel_size; env exists secureboot " \
+ "&& cp.b $kernelheader_addr $kernelheader_addr_r " \
+ "$kernelheader_size && esbc_validate ${kernelheader_addr_r}; " \
+ "bootm $load_addr#$board\0" \
"sd_bootcmd=echo Trying load from SD ..;" \
"mmcinfo; mmc read $load_addr " \
"$kernel_addr_sd $kernel_size_sd && " \
+ "env exists secureboot && mmc read $kernelheader_addr_r " \
+ "$kernelhdr_addr_sd $kernelhdr_size_sd " \
+ " && esbc_validate ${kernelheader_addr_r};" \
"bootm $load_addr#$board\0"
#undef CONFIG_BOOTCOMMAND
#if defined(CONFIG_QSPI_BOOT) || defined(CONFIG_SD_BOOT_QSPI)
-#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" \
- "&& esbc_halt; run qspi_bootcmd;"
+#define CONFIG_BOOTCOMMAND "run distro_bootcmd; run qspi_bootcmd; " \
+ "env exists secureboot && esbc_halt;"
#elif defined(CONFIG_SD_BOOT)
-#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" \
- "&& esbc_halt; run sd_bootcmd;"
+#define CONFIG_BOOTCOMMAND "run distro_bootcmd; run sd_bootcmd; " \
+ "env exists secureboot && esbc_halt;"
#else
-#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" \
- "&& esbc_halt; run nor_bootcmd;"
+#define CONFIG_BOOTCOMMAND "run distro_bootcmd; run nor_bootcmd; " \
+ "env exists secureboot && esbc_halt;"
#endif
#endif
diff --git a/include/configs/ls1046a_common.h b/include/configs/ls1046a_common.h
index 4073eef..ec1d6c6 100644
--- a/include/configs/ls1046a_common.h
+++ b/include/configs/ls1046a_common.h
@@ -225,10 +225,14 @@
"fdt_addr_r=0x90000000\0" \
"ramdisk_addr_r=0xa0000000\0" \
"kernel_start=0x1000000\0" \
+ "kernelheader_start=0x800000\0" \
"kernel_load=0xa0000000\0" \
"kernel_size=0x2800000\0" \
+ "kernelheader_size=0x40000\0" \
"kernel_addr_sd=0x8000\0" \
"kernel_size_sd=0x14000\0" \
+ "kernelhdr_addr_sd=0x4000\0" \
+ "kernelhdr_size_sd=0x10\0" \
"console=ttyS0,115200\0" \
CONFIG_MTDPARTS_DEFAULT "\0" \
BOOTENV \
@@ -261,10 +265,16 @@
"source ${scriptaddr}\0" \
"qspi_bootcmd=echo Trying load from qspi..;" \
"sf probe && sf read $load_addr " \
- "$kernel_start $kernel_size && bootm $load_addr#$board\0" \
+ "$kernel_start $kernel_size; env exists secureboot " \
+ "&& sf read $kernelheader_addr_r $kernelheader_start " \
+ "$kernelheader_size && esbc_validate ${kernelheader_addr_r}; " \
+ "bootm $load_addr#$board\0" \
"sd_bootcmd=echo Trying load from SD ..;" \
"mmcinfo; mmc read $load_addr " \
"$kernel_addr_sd $kernel_size_sd && " \
+ "env exists secureboot && mmc read $kernelheader_addr_r " \
+ "$kernelhdr_addr_sd $kernelhdr_size_sd " \
+ " && esbc_validate ${kernelheader_addr_r};" \
"bootm $load_addr#$board\0"
#endif
diff --git a/include/configs/ls1046ardb.h b/include/configs/ls1046ardb.h
index d001b80..5afd5c6 100644
--- a/include/configs/ls1046ardb.h
+++ b/include/configs/ls1046ardb.h
@@ -226,11 +226,11 @@
#ifndef SPL_NO_MISC
#undef CONFIG_BOOTCOMMAND
#if defined(CONFIG_QSPI_BOOT)
-#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" \
- "&& esbc_halt; run qspi_bootcmd;"
+#define CONFIG_BOOTCOMMAND "run distro_bootcmd; run qspi_bootcmd; " \
+ "env exists secureboot && esbc_halt;;"
#elif defined(CONFIG_SD_BOOT)
-#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" \
- "&& esbc_halt; run sd_bootcmd;"
+#define CONFIG_BOOTCOMMAND "run distro_bootcmd;run sd_bootcmd; " \
+ "env exists secureboot && esbc_halt;"
#endif
#endif
--
2.7.4
More information about the U-Boot
mailing list