[U-Boot] [PATCH v2] arm64: ls1012ardb: Add distro secure boot support

Sumit Garg sumit.garg at nxp.com
Wed Jan 31 05:07:42 UTC 2018 

> -----Original Message-----
> From: York Sun
> Sent: Tuesday, January 30, 2018 2:57 AM
> To: Sumit Garg <sumit.garg at nxp.com>; u-boot at lists.denx.de
> Cc: Ruchika Gupta <ruchika.gupta at nxp.com>; Prabhakar Kushwaha
> <prabhakar.kushwaha at nxp.com>; Vini Pillai <vinitha.pillai at nxp.com>
> Subject: Re: [PATCH v2] arm64: ls1012ardb: Add distro secure boot support
> 
> On 01/15/2018 09:34 AM, Sumit Garg wrote:
> >> From: York Sun
> >> Sent: Monday, January 15, 2018 10:59 PM
> >>
> >> On 01/08/2018 09:59 PM, Sumit Garg wrote:
> >>> From: Vinitha Pillai-B57223 <vinitha.pillai at nxp.com>
> >>>
> >>> Enable validation of boot.scr script prior to its execution
> >>> dependent on "secureboot" flag in environment. Enable fall back
> >>> option to qspi boot in case of secure boot.
> >>>
> >>> Signed-off-by: Sumit Garg <sumit.garg at nxp.com>
> >>> Signed-off-by: Vinitha Pillai <vinitha.pillai at nxp.com>
> >>> ---
> >>>
> >>> Changes in v2:
> >>> Rebased to top of master
> >>>
> >>>  configs/ls1012ardb_qspi_SECURE_BOOT_defconfig | 14 +++++++-------
> >>>  include/configs/ls1012ardb.h                  | 20 ++++++++++++++++++--
> >>>  2 files changed, 25 insertions(+), 9 deletions(-)
> >>>
> >>> diff --git a/configs/ls1012ardb_qspi_SECURE_BOOT_defconfig
> >>> b/configs/ls1012ardb_qspi_SECURE_BOOT_defconfig
> >>> index b6930be..2d5d9ad 100644
> >>> --- a/configs/ls1012ardb_qspi_SECURE_BOOT_defconfig
> >>> +++ b/configs/ls1012ardb_qspi_SECURE_BOOT_defconfig
> >>> @@ -2,7 +2,9 @@ CONFIG_ARM=y
> >>>  CONFIG_TARGET_LS1012ARDB=y
> >>>  CONFIG_SECURE_BOOT=y
> >>>  CONFIG_FSL_LS_PPA=y
> >>> +CONFIG_QSPI_AHB_INIT=y
> >>>  CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1012a-rdb"
> >>> +CONFIG_DISTRO_DEFAULTS=y
> >>>  # CONFIG_SYS_MALLOC_F is not set
> >>>  CONFIG_FIT_VERBOSE=y
> >>>  CONFIG_OF_BOARD_SETUP=y
> >>> @@ -12,7 +14,7 @@ CONFIG_QSPI_BOOT=y
> >>>  CONFIG_BOOTDELAY=10
> >>>  CONFIG_USE_BOOTARGS=y
> >>>  CONFIG_BOOTARGS="console=ttyS0,115200 root=/dev/ram0
> >> earlycon=uart8250,mmio,0x21c0500 quiet lpj=250000"
> >>> -CONFIG_HUSH_PARSER=y
> >>> +# CONFIG_DISPLAY_BOARDINFO is not set
> >>>  CONFIG_CMD_GREPENV=y
> >>>  CONFIG_CMD_GPT=y
> >>>  CONFIG_CMD_I2C=y
> >>> @@ -20,16 +22,13 @@ CONFIG_CMD_MMC=y  CONFIG_CMD_PCI=y
> >>> CONFIG_CMD_SF=y  CONFIG_CMD_USB=y -# CONFIG_CMD_SETEXPR is
> not set
> >>> -CONFIG_CMD_DHCP=y -CONFIG_CMD_MII=y -CONFIG_CMD_PING=y
> >>> CONFIG_CMD_CACHE=y -CONFIG_CMD_EXT2=y -CONFIG_CMD_FAT=y
> >>> CONFIG_OF_CONTROL=y
> >>> +CONFIG_ENV_IS_IN_SPI_FLASH=y
> 
> This is wrong. You shouldn't have ENV for secure boot. Please double check.
> 
> York
 
Yes you are correct. We should drop this from defconfig. Shall I send next version or could you drop it while applying the patch?

BTW we select ENV_IS_NOWHERE in case of Secure boot.

Sumit

More information about the U-Boot mailing list