[PATCH 3/4] nxp: config_fsl_chain_trust.h: Clean up and remove unused portions
Tom Rini
trini at konsulko.com
Fri Jun 17 22:24:33 CEST 2022
The way that secure boot is implemented today on NXP ARM platforms does
not reuse the elements found in include/config_fsl_chain_trust.h to
construct CONFIG_SECBOOT but instead board header files have their
environment setup as needed and then fsl_setenv_chain_of_trust() will
set secureboot in the environment. Remove a large number of unused
defines here.
Cc: Peng Fan <peng.fan at nxp.com>
Signed-off-by: Tom Rini <trini at konsulko.com>
---
arch/arm/include/asm/fsl_secure_boot.h | 71 --------------------------
include/config_fsl_chain_trust.h | 25 ---------
2 files changed, 96 deletions(-)
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index 9c9e1dab9a41..a4f4961fc877 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -24,76 +24,6 @@
#endif
-#ifdef CONFIG_ARCH_LS2080A
-#define CONFIG_EXTRA_ENV \
- "setenv fdt_high 0xa0000000;" \
- "setenv initrd_high 0xcfffffff;" \
- "setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';"
-#else
-#define CONFIG_EXTRA_ENV \
- "setenv fdt_high 0xffffffff;" \
- "setenv initrd_high 0xffffffff;" \
- "setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';"
-#endif
-
-/* Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from
- * Non-XIP Memory (Nand/SD)*/
-#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_FSL_LSCH3) || \
- defined(CONFIG_SD_BOOT) || defined(CONFIG_NAND_BOOT)
-#define CONFIG_BOOTSCRIPT_COPY_RAM
-#endif
-/* The address needs to be modified according to NOR, NAND, SD and
- * DDR memory map
- */
-#ifdef CONFIG_FSL_LSCH3
-#ifdef CONFIG_QSPI_BOOT
-#define CONFIG_BS_ADDR_DEVICE 0x20600000
-#define CONFIG_BS_HDR_ADDR_DEVICE 0x20640000
-#else /* NOR BOOT */
-#define CONFIG_BS_ADDR_DEVICE 0x580600000
-#define CONFIG_BS_HDR_ADDR_DEVICE 0x580640000
-#endif /*ifdef CONFIG_QSPI_BOOT */
-#define CONFIG_BS_SIZE 0x00001000
-#define CONFIG_BS_HDR_SIZE 0x00004000
-#define CONFIG_BS_ADDR_RAM 0xa0600000
-#define CONFIG_BS_HDR_ADDR_RAM 0xa0640000
-#else
-#ifdef CONFIG_SD_BOOT
-/* For SD boot address and size are assigned in terms of sector
- * offset and no. of sectors respectively.
- */
-#define CONFIG_BS_ADDR_DEVICE 0x00003000
-#define CONFIG_BS_HDR_ADDR_DEVICE 0x00003200
-#define CONFIG_BS_SIZE 0x00000008
-#define CONFIG_BS_HDR_SIZE 0x00000010
-#elif defined(CONFIG_NAND_BOOT)
-#define CONFIG_BS_ADDR_DEVICE 0x00600000
-#define CONFIG_BS_HDR_ADDR_DEVICE 0x00640000
-#define CONFIG_BS_SIZE 0x00001000
-#define CONFIG_BS_HDR_SIZE 0x00002000
-#elif defined(CONFIG_QSPI_BOOT)
-#define CONFIG_BS_ADDR_DEVICE 0x40600000
-#define CONFIG_BS_HDR_ADDR_DEVICE 0x40640000
-#define CONFIG_BS_SIZE 0x00001000
-#define CONFIG_BS_HDR_SIZE 0x00002000
-#else /* Default NOR Boot */
-#define CONFIG_BS_ADDR_DEVICE 0x60600000
-#define CONFIG_BS_HDR_ADDR_DEVICE 0x60640000
-#define CONFIG_BS_SIZE 0x00001000
-#define CONFIG_BS_HDR_SIZE 0x00002000
-#endif
-#define CONFIG_BS_ADDR_RAM 0x81000000
-#define CONFIG_BS_HDR_ADDR_RAM 0x81020000
-#endif
-
-#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
-#define CONFIG_BOOTSCRIPT_ADDR CONFIG_BS_ADDR_RAM
-#define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_RAM
-#else
-#define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_DEVICE
-/* BOOTSCRIPT_ADDR is not required */
-#endif
-
#ifdef CONFIG_FSL_LS_PPA
/* Define the key hash here if SRK used for signing PPA image is
* different from SRK hash put in SFP used for U-Boot.
@@ -104,7 +34,6 @@
#define PPA_KEY_HASH NULL
#endif /* ifdef CONFIG_FSL_LS_PPA */
-#include <config_fsl_chain_trust.h>
#endif /* #ifndef CONFIG_SPL_BUILD */
#endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
#endif
diff --git a/include/config_fsl_chain_trust.h b/include/config_fsl_chain_trust.h
index 3922241be005..dd01e9668941 100644
--- a/include/config_fsl_chain_trust.h
+++ b/include/config_fsl_chain_trust.h
@@ -10,10 +10,6 @@
#ifdef CONFIG_CHAIN_OF_TRUST
-#ifndef CONFIG_EXTRA_ENV
-#define CONFIG_EXTRA_ENV ""
-#endif
-
/*
* Control should not reach back to uboot after validation of images
* for secure boot flow and therefore bootscript should have
@@ -21,14 +17,6 @@
* after validating images, core should just spin.
*/
-/*
- * Define the key hash for boot script here if public/private key pair used to
- * sign bootscript are different from the SRK hash put in the fuse
- * Example of defining KEY_HASH is
- * #define CONFIG_BOOTSCRIPT_KEY_HASH \
- * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
- */
-
#ifdef CONFIG_USE_BOOTARGS
#define CONFIG_SET_BOOTARGS "setenv bootargs \'" CONFIG_BOOTARGS" \';"
#else
@@ -36,25 +24,12 @@
"rw console=ttyS0,115200 ramdisk_size=600000\';"
#endif
-
-#ifdef CONFIG_BOOTSCRIPT_KEY_HASH
#define CONFIG_SECBOOT \
"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
CONFIG_SET_BOOTARGS \
- CONFIG_EXTRA_ENV \
- "esbc_validate $bs_hdraddr " \
- __stringify(CONFIG_BOOTSCRIPT_KEY_HASH)";" \
- "source $img_addr;" \
- "esbc_halt\0"
-#else
-#define CONFIG_SECBOOT \
- "setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
- CONFIG_SET_BOOTARGS \
- CONFIG_EXTRA_ENV \
"esbc_validate $bs_hdraddr;" \
"source $img_addr;" \
"esbc_halt\0"
-#endif
#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
#define CONFIG_BS_COPY_ENV \
--
2.25.1
More information about the U-Boot
mailing list