[PATCH 3/4] nxp: config_fsl_chain_trust.h: Clean up and remove unused portions

Tom Rini trini at konsulko.com
Fri Jun 17 22:24:33 CEST 2022


The way that secure boot is implemented today on NXP ARM platforms does
not reuse the elements found in include/config_fsl_chain_trust.h to
construct CONFIG_SECBOOT but instead board header files have their
environment setup as needed and then fsl_setenv_chain_of_trust() will
set secureboot in the environment.  Remove a large number of unused
defines here.

Cc: Peng Fan <peng.fan at nxp.com>
Signed-off-by: Tom Rini <trini at konsulko.com>
---
 arch/arm/include/asm/fsl_secure_boot.h | 71 --------------------------
 include/config_fsl_chain_trust.h       | 25 ---------
 2 files changed, 96 deletions(-)

diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index 9c9e1dab9a41..a4f4961fc877 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -24,76 +24,6 @@
 
 #endif
 
-#ifdef CONFIG_ARCH_LS2080A
-#define CONFIG_EXTRA_ENV \
-	"setenv fdt_high 0xa0000000;"	\
-	"setenv initrd_high 0xcfffffff;"	\
-	"setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';"
-#else
-#define CONFIG_EXTRA_ENV \
-	"setenv fdt_high 0xffffffff;"	\
-	"setenv initrd_high 0xffffffff;"	\
-	"setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';"
-#endif
-
-/* Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from
- * Non-XIP Memory (Nand/SD)*/
-#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_FSL_LSCH3) || \
-	defined(CONFIG_SD_BOOT) || defined(CONFIG_NAND_BOOT)
-#define CONFIG_BOOTSCRIPT_COPY_RAM
-#endif
-/* The address needs to be modified according to NOR, NAND, SD and
- * DDR memory map
- */
-#ifdef CONFIG_FSL_LSCH3
-#ifdef CONFIG_QSPI_BOOT
-#define CONFIG_BS_ADDR_DEVICE		0x20600000
-#define CONFIG_BS_HDR_ADDR_DEVICE	0x20640000
-#else /* NOR BOOT */
-#define CONFIG_BS_ADDR_DEVICE		0x580600000
-#define CONFIG_BS_HDR_ADDR_DEVICE	0x580640000
-#endif /*ifdef CONFIG_QSPI_BOOT */
-#define CONFIG_BS_SIZE			0x00001000
-#define CONFIG_BS_HDR_SIZE		0x00004000
-#define CONFIG_BS_ADDR_RAM		0xa0600000
-#define CONFIG_BS_HDR_ADDR_RAM		0xa0640000
-#else
-#ifdef CONFIG_SD_BOOT
-/* For SD boot address and size are assigned in terms of sector
- * offset and no. of sectors respectively.
- */
-#define CONFIG_BS_ADDR_DEVICE		0x00003000
-#define CONFIG_BS_HDR_ADDR_DEVICE	0x00003200
-#define CONFIG_BS_SIZE			0x00000008
-#define CONFIG_BS_HDR_SIZE		0x00000010
-#elif defined(CONFIG_NAND_BOOT)
-#define CONFIG_BS_ADDR_DEVICE		0x00600000
-#define CONFIG_BS_HDR_ADDR_DEVICE	0x00640000
-#define CONFIG_BS_SIZE			0x00001000
-#define CONFIG_BS_HDR_SIZE		0x00002000
-#elif defined(CONFIG_QSPI_BOOT)
-#define CONFIG_BS_ADDR_DEVICE		0x40600000
-#define CONFIG_BS_HDR_ADDR_DEVICE	0x40640000
-#define CONFIG_BS_SIZE			0x00001000
-#define CONFIG_BS_HDR_SIZE		0x00002000
-#else /* Default NOR Boot */
-#define CONFIG_BS_ADDR_DEVICE		0x60600000
-#define CONFIG_BS_HDR_ADDR_DEVICE	0x60640000
-#define CONFIG_BS_SIZE			0x00001000
-#define CONFIG_BS_HDR_SIZE		0x00002000
-#endif
-#define CONFIG_BS_ADDR_RAM		0x81000000
-#define CONFIG_BS_HDR_ADDR_RAM		0x81020000
-#endif
-
-#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
-#define CONFIG_BOOTSCRIPT_ADDR		CONFIG_BS_ADDR_RAM
-#define CONFIG_BOOTSCRIPT_HDR_ADDR	CONFIG_BS_HDR_ADDR_RAM
-#else
-#define CONFIG_BOOTSCRIPT_HDR_ADDR	CONFIG_BS_HDR_ADDR_DEVICE
-/* BOOTSCRIPT_ADDR is not required */
-#endif
-
 #ifdef CONFIG_FSL_LS_PPA
 /* Define the key hash here if SRK used for signing PPA image is
  * different from SRK hash put in SFP used for U-Boot.
@@ -104,7 +34,6 @@
 #define PPA_KEY_HASH		NULL
 #endif /* ifdef CONFIG_FSL_LS_PPA */
 
-#include <config_fsl_chain_trust.h>
 #endif /* #ifndef CONFIG_SPL_BUILD */
 #endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
 #endif
diff --git a/include/config_fsl_chain_trust.h b/include/config_fsl_chain_trust.h
index 3922241be005..dd01e9668941 100644
--- a/include/config_fsl_chain_trust.h
+++ b/include/config_fsl_chain_trust.h
@@ -10,10 +10,6 @@
 
 #ifdef CONFIG_CHAIN_OF_TRUST
 
-#ifndef CONFIG_EXTRA_ENV
-#define CONFIG_EXTRA_ENV	""
-#endif
-
 /*
  * Control should not reach back to uboot after validation of images
  * for secure boot flow and therefore bootscript should have
@@ -21,14 +17,6 @@
  * after validating images, core should just spin.
  */
 
-/*
- * Define the key hash for boot script here if public/private key pair used to
- * sign bootscript are different from the SRK hash put in the fuse
- * Example of defining KEY_HASH is
- * #define CONFIG_BOOTSCRIPT_KEY_HASH \
- *	 "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
- */
-
 #ifdef CONFIG_USE_BOOTARGS
 #define CONFIG_SET_BOOTARGS	"setenv bootargs \'" CONFIG_BOOTARGS" \';"
 #else
@@ -36,25 +24,12 @@
 				"rw console=ttyS0,115200 ramdisk_size=600000\';"
 #endif
 
-
-#ifdef CONFIG_BOOTSCRIPT_KEY_HASH
 #define CONFIG_SECBOOT \
 	"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
 	CONFIG_SET_BOOTARGS	\
-	CONFIG_EXTRA_ENV	\
-	"esbc_validate $bs_hdraddr " \
-	  __stringify(CONFIG_BOOTSCRIPT_KEY_HASH)";" \
-	"source $img_addr;"	\
-	"esbc_halt\0"
-#else
-#define CONFIG_SECBOOT \
-	"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
-	CONFIG_SET_BOOTARGS	\
-	CONFIG_EXTRA_ENV	\
 	"esbc_validate $bs_hdraddr;" \
 	"source $img_addr;"	\
 	"esbc_halt\0"
-#endif
 
 #ifdef CONFIG_BOOTSCRIPT_COPY_RAM
 #define CONFIG_BS_COPY_ENV \
-- 
2.25.1



More information about the U-Boot mailing list