[U-Boot] [Patch v2] armv8: Secure Boot: Modify boot_a_script definition

[Udit Agarwal]

From: Vinitha V Pillai <vinitha.pillai at nxp.com>

boot_script_hdr does not exist, it should not continue to
boot. So adding separate validation after loading boot_script.

The secure boot validation of the bootscript header will fail
and halts the further execution of commands which prevent
source command from execution.

Signed-off-by: Vinitha V Pillai <vinitha.pillai at nxp.com>
Signed-off-by: Udit Agarwal <udit.agarwal at nxp.com>
---
Changes in V2:
Corrects commit message to add more clarity.

 include/configs/ls1012afrwy.h    | 3 ++-
 include/configs/ls1012ardb.h     | 3 ++-
 include/configs/ls1021atwr.h     | 3 ++-
 include/configs/ls1043a_common.h | 3 ++-
 include/configs/ls1046a_common.h | 5 +++--
 include/configs/ls1088ardb.h     | 3 ++-
 include/configs/ls2080ardb.h     | 3 ++-
 7 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/include/configs/ls1012afrwy.h b/include/configs/ls1012afrwy.h
index ebb1df41c7..12e6437a05 100644
--- a/include/configs/ls1012afrwy.h
+++ b/include/configs/ls1012afrwy.h
@@ -98,7 +98,8 @@
 			"${scriptaddr} ${prefix}${script}; "    \
 		"env exists secureboot && load ${devtype} "     \
 			"${devnum}:${distro_bootpart} "		\
-			"${scripthdraddr} ${prefix}${boot_script_hdr} " \
+			"${scripthdraddr} ${prefix}${boot_script_hdr}; " \
+			"env exists secureboot "	\
 			"&& esbc_validate ${scripthdraddr};"    \
 		"source ${scriptaddr}\0"	  \
 	"installer=load mmc 0:2 $load_addr "	\
diff --git a/include/configs/ls1012ardb.h b/include/configs/ls1012ardb.h
index f149a604cf..f6640fa499 100644
--- a/include/configs/ls1012ardb.h
+++ b/include/configs/ls1012ardb.h
@@ -98,7 +98,8 @@
 			"${scriptaddr} ${prefix}${script}; "    \
 		"env exists secureboot && load ${devtype} "     \
 			"${devnum}:${distro_bootpart} "		\
-			"${scripthdraddr} ${prefix}${boot_script_hdr} " \
+			"${scripthdraddr} ${prefix}${boot_script_hdr}; " \
+			"env exists secureboot "	\
 			"&& esbc_validate ${scripthdraddr};"    \
 		"source ${scriptaddr}\0"	  \
 	"installer=load mmc 0:2 $load_addr "	\
diff --git a/include/configs/ls1021atwr.h b/include/configs/ls1021atwr.h
index da55bf2f43..2616f4aa5c 100644
--- a/include/configs/ls1021atwr.h
+++ b/include/configs/ls1021atwr.h
@@ -364,7 +364,8 @@
 			"${scriptaddr} ${prefix}${script}; "    \
 		"env exists secureboot && load ${devtype} "     \
 			"${devnum}:${distro_bootpart} "		\
-			"${scripthdraddr} ${prefix}${boot_script_hdr} " \
+			"${scripthdraddr} ${prefix}${boot_script_hdr}; " \
+			"env exists secureboot "	\
 			"&& esbc_validate ${scripthdraddr};"    \
 		"source ${scriptaddr}\0"	  \
 	"installer=load mmc 0:2 $load_addr "	\
diff --git a/include/configs/ls1043a_common.h b/include/configs/ls1043a_common.h
index 2e9d476483..8618a5f182 100644
--- a/include/configs/ls1043a_common.h
+++ b/include/configs/ls1043a_common.h
@@ -275,7 +275,8 @@
 			"${scriptaddr} ${prefix}${script}; "	\
 		"env exists secureboot && load ${devtype} "	\
 			"${devnum}:${distro_bootpart} "		\
-			"${scripthdraddr} ${prefix}${boot_script_hdr} "	\
+			"${scripthdraddr} ${prefix}${boot_script_hdr}; " \
+			"env exists secureboot "	\
 			"&& esbc_validate ${scripthdraddr};"	\
 		"source ${scriptaddr}\0"			\
 	"qspi_bootcmd=echo Trying load from qspi..;"	\
diff --git a/include/configs/ls1046a_common.h b/include/configs/ls1046a_common.h
index 24ff2d1547..e4e71b24d4 100644
--- a/include/configs/ls1046a_common.h
+++ b/include/configs/ls1046a_common.h
@@ -256,8 +256,9 @@
 			"${scriptaddr} ${prefix}${script}; "    \
 		"env exists secureboot && load ${devtype} "     \
 			"${devnum}:${distro_bootpart} "		\
-			"${scripthdraddr} ${prefix}${boot_script_hdr} " \
-			"&& esbc_validate ${scripthdraddr};"    \
+			"${scripthdraddr} ${prefix}${boot_script_hdr}; " \
+			"env exists secureboot "	\
+			"&& esbc_validate ${scripthdraddr};"	\
 		"source ${scriptaddr}\0"	  \
 	"qspi_bootcmd=echo Trying load from qspi..;"      \
 		"sf probe && sf read $load_addr "         \
diff --git a/include/configs/ls1088ardb.h b/include/configs/ls1088ardb.h
index 45af087dc6..322adb530a 100644
--- a/include/configs/ls1088ardb.h
+++ b/include/configs/ls1088ardb.h
@@ -398,7 +398,8 @@
 		"${scriptaddr} ${prefix}${script}; "		\
 	"env exists secureboot && load ${devtype} "		\
 		"${devnum}:${distro_bootpart} "			\
-		"${scripthdraddr} ${prefix}${boot_script_hdr} " \
+		"${scripthdraddr} ${prefix}${boot_script_hdr}; "\
+		"env exists secureboot "			\
 		"&& esbc_validate ${scripthdraddr};"		\
 		"source ${scriptaddr}\0"			\
 	"installer=load mmc 0:2 $load_addr "			\
diff --git a/include/configs/ls2080ardb.h b/include/configs/ls2080ardb.h
index e41ace6685..2e8a8bbdb7 100644
--- a/include/configs/ls2080ardb.h
+++ b/include/configs/ls2080ardb.h
@@ -495,7 +495,8 @@ unsigned long get_board_sys_clk(void);
 			"${scriptaddr} ${prefix}${script}; "	\
 		"env exists secureboot && load ${devtype} "	\
 			"${devnum}:${distro_bootpart} "		\
-			"${scripthdraddr} ${prefix}${boot_script_hdr} "	\
+			"${scripthdraddr} ${prefix}${boot_script_hdr}; " \
+			"env exists secureboot "	\
 			"&& esbc_validate ${scripthdraddr};"	\
 		"source ${scriptaddr}\0"			\
 	"qspi_bootcmd=echo Trying load from qspi..;"		\
-- 
2.17.1