[PATCH 2/4] fsl_validate: Migrate SPL_UBOOT_KEY_HASH to Kconfig

Tom Rini trini at konsulko.com
Fri Jun 17 22:24:32 CEST 2022 

Move setting of SPL_UBOOT_KEY_HASH to a non-NULL value to Kconfig.  As
part of this, change fsl_secboot_validate(...) to check that it is
passed a non-empty string, rather than non-NULL.

Cc: Peng Fan <peng.fan at nxp.com>
Cc: Priyanka Jain <priyanka.jain at nxp.com>
Cc: Kshitiz Varshney <kshitiz.varshney at nxp.com>
Signed-off-by: Tom Rini <trini at konsulko.com>
---
 arch/Kconfig.nxp                           | 11 +++++++++++
 arch/arm/include/asm/fsl_secure_boot.h     | 13 -------------
 arch/powerpc/include/asm/fsl_secure_boot.h | 10 ----------
 board/freescale/common/fsl_validate.c      |  2 +-
 4 files changed, 12 insertions(+), 24 deletions(-)

diff --git a/arch/Kconfig.nxp b/arch/Kconfig.nxp
index f72c513aa6a8..5ec0ee076eb1 100644
--- a/arch/Kconfig.nxp
+++ b/arch/Kconfig.nxp
@@ -63,6 +63,17 @@ config SYS_FSL_SFP_VER_3_4
 
 endchoice
 
+config SPL_UBOOT_KEY_HASH
+	string "Non-SRK key hash for U-Boot public/private key pair"
+	depends on SPL
+	default ""
+	help
+	  Set the key hash for U-Boot here if public/private key pair used to
+	  sign U-boot are different from the SRK hash put in the fuse.  Example
+	  of a key hash is
+	  41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b.
+	  Otherwise leave this empty.
+
 config SYS_FSL_SRK_LE
 	def_bool y
 	depends on ARM
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index 09c88841e0c0..9c9e1dab9a41 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -8,19 +8,6 @@
 #define __FSL_SECURE_BOOT_H
 
 #ifdef CONFIG_CHAIN_OF_TRUST
-#ifdef CONFIG_SPL_BUILD
-/*
- * Define the key hash for U-Boot here if public/private key pair used to
- * sign U-boot are different from the SRK hash put in the fuse
- * Example of defining KEY_HASH is
- * #define CONFIG_SPL_UBOOT_KEY_HASH \
- *      "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
- * else leave it defined as NULL
- */
-
-#define CONFIG_SPL_UBOOT_KEY_HASH	NULL
-#endif /* ifdef CONFIG_SPL_BUILD */
-
 #ifndef CONFIG_SPL_BUILD
 #ifndef CONFIG_SYS_RAMBOOT
 /* The key used for verification of next level images
diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h
index 9ae4c590f1d5..c062fa5c191c 100644
--- a/arch/powerpc/include/asm/fsl_secure_boot.h
+++ b/arch/powerpc/include/asm/fsl_secure_boot.h
@@ -75,16 +75,6 @@
 #define CONFIG_SPL_SPAACT_ADDR		0x2f000000
 #define CONFIG_SPL_JR0_LIODN_S		454
 #define CONFIG_SPL_JR0_LIODN_NS		458
-/*
- * Define the key hash for U-Boot here if public/private key pair used to
- * sign U-boot are different from the SRK hash put in the fuse
- * Example of defining KEY_HASH is
- * #define CONFIG_SPL_UBOOT_KEY_HASH \
- *      "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
- * else leave it defined as NULL
- */
-
-#define CONFIG_SPL_UBOOT_KEY_HASH	NULL
 #endif /* ifdef CONFIG_SPL_BUILD */
 
 #ifndef CONFIG_SPL_BUILD
diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c
index 34875d0b8f25..f1a0b0cfc34c 100644
--- a/board/freescale/common/fsl_validate.c
+++ b/board/freescale/common/fsl_validate.c
@@ -871,7 +871,7 @@ int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
 	int ret, i, hash_cmd = 0;
 	u32 srk_hash[8];
 
-	if (arg_hash_str != NULL) {
+	if (strlen(arg_hash_str) != 0) {
 		const char *cp = arg_hash_str;
 		int i = 0;
 
-- 
2.25.1

More information about the U-Boot mailing list