[PATCH 4/4] powerpc: Clean up CHAIN_OF_TRUST related options
Tom Rini
trini at konsulko.com
Fri Jun 17 22:24:34 CEST 2022
As things stand currently, there is only one PowerPC platform that
enables the options for CHAIN_OF_TRUST. From the board header files,
remove a number of never-set options. Remove board specific values from
arch/powerpc/include/asm/fsl_secure_boot.h as well. Rework
include/config_fsl_chain_trust.h to not abuse the CONFIG namespace for
constructing CHAIN_BOOT_CMD. Migrate all of the configurable addresses
to Kconfig.
If any platforms are re-introduced with secure boot support, everything
required should still be here, but now in Kconfig, or requires migration
of an option to Kconfig.
Cc: Peng Fan <peng.fan at nxp.com>
Signed-off-by: Tom Rini <trini at konsulko.com>
---
arch/Kconfig.nxp | 40 +++++++++++++++++++
arch/powerpc/include/asm/fsl_secure_boot.h | 43 +--------------------
board/freescale/common/fsl_chain_of_trust.c | 5 ++-
configs/T2080QDS_SECURE_BOOT_defconfig | 1 +
include/config_fsl_chain_trust.h | 35 +++++++----------
include/configs/P1010RDB.h | 4 +-
include/configs/T104xRDB.h | 8 ----
include/configs/corenet_ds.h | 9 -----
8 files changed, 61 insertions(+), 84 deletions(-)
diff --git a/arch/Kconfig.nxp b/arch/Kconfig.nxp
index 5ec0ee076eb1..7a35560282fb 100644
--- a/arch/Kconfig.nxp
+++ b/arch/Kconfig.nxp
@@ -74,6 +74,46 @@ config SPL_UBOOT_KEY_HASH
41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b.
Otherwise leave this empty.
+if PPC
+
+config BOOTSCRIPT_COPY_RAM
+ bool "Secure boot copies boot script to RAM"
+ help
+ On systems that support chain of trust booting, a number of addresses
+ are required to set variables that are used in the copying and then
+ verification of different parts of the system. If enabled, the subsequent
+ options are for what location to use in each step.
+
+config BS_ADDR_DEVICE
+ hex "Address in RAM for bs_device"
+ depends on BOOTSCRIPT_COPY_RAM
+
+config BS_SIZE
+ hex "The size of bs_size which is the amount read from bs_device"
+ depends on BOOTSCRIPT_COPY_RAM
+
+config BS_ADDR_RAM
+ hex "Address in RAM for bs_ram"
+ depends on BOOTSCRIPT_COPY_RAM
+
+config BS_HDR_ADDR_DEVICE
+ hex "Address in RAM for bs_hdr_device"
+ depends on BOOTSCRIPT_COPY_RAM
+
+config BS_HDR_SIZE
+ hex "The size of bs_hdr_size which is the amount read from bs_hdr_device"
+ depends on BOOTSCRIPT_COPY_RAM
+
+config BS_HDR_ADDR_RAM
+ hex "Address in RAM for bs_hdr_ram"
+ depends on BOOTSCRIPT_COPY_RAM
+
+config BOOTSCRIPT_HDR_ADDR
+ hex "CONFIG_BOOTSCRIPT_HDR_ADDR"
+ default BS_ADDR_RAM if BOOTSCRIPT_COPY_RAM
+
+endif
+
config SYS_FSL_SRK_LE
def_bool y
depends on ARM
diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h
index c062fa5c191c..a96a1ac5d77e 100644
--- a/arch/powerpc/include/asm/fsl_secure_boot.h
+++ b/arch/powerpc/include/asm/fsl_secure_boot.h
@@ -10,19 +10,12 @@
#ifdef CONFIG_NXP_ESBC
#if defined(CONFIG_FSL_CORENET)
#define CONFIG_SYS_PBI_FLASH_BASE 0xc0000000
-#elif defined(CONFIG_TARGET_BSC9132QDS)
-#define CONFIG_SYS_PBI_FLASH_BASE 0xc8000000
-#elif defined(CONFIG_TARGET_C29XPCIE)
-#define CONFIG_SYS_PBI_FLASH_BASE 0xcc000000
#else
#define CONFIG_SYS_PBI_FLASH_BASE 0xce000000
#endif
#define CONFIG_SYS_PBI_FLASH_WINDOW 0xcff80000
-#if defined(CONFIG_TARGET_B4860QDS) || \
- defined(CONFIG_TARGET_B4420QDS) || \
- defined(CONFIG_TARGET_T4240QDS) || \
- defined(CONFIG_TARGET_T2080QDS) || \
+#if defined(CONFIG_TARGET_T2080QDS) || \
defined(CONFIG_TARGET_T2080RDB) || \
defined(CONFIG_TARGET_T1042RDB) || \
defined(CONFIG_TARGET_T1042D4RDB) || \
@@ -78,40 +71,6 @@
#endif /* ifdef CONFIG_SPL_BUILD */
#ifndef CONFIG_SPL_BUILD
-/*
- * fsl_setenv_chain_of_trust() must be called from
- * board_late_init()
- */
-
-/* If Boot Script is not on NOR and is required to be copied on RAM */
-#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
-#define CONFIG_BS_HDR_ADDR_RAM 0x00010000
-#define CONFIG_BS_HDR_ADDR_DEVICE 0x00800000
-#define CONFIG_BS_HDR_SIZE 0x00002000
-#define CONFIG_BS_ADDR_RAM 0x00012000
-#define CONFIG_BS_ADDR_DEVICE 0x00802000
-#define CONFIG_BS_SIZE 0x00001000
-
-#define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_RAM
-#else
-
-/* The bootscript header address is different for B4860 because the NOR
- * mapping is different on B4 due to reduced NOR size.
- */
-#if defined(CONFIG_TARGET_B4860QDS) || defined(CONFIG_TARGET_B4420QDS)
-#define CONFIG_BOOTSCRIPT_HDR_ADDR 0xecc00000
-#elif defined(CONFIG_FSL_CORENET)
-#define CONFIG_BOOTSCRIPT_HDR_ADDR 0xe8e00000
-#elif defined(CONFIG_TARGET_BSC9132QDS)
-#define CONFIG_BOOTSCRIPT_HDR_ADDR 0x88020000
-#elif defined(CONFIG_TARGET_C29XPCIE)
-#define CONFIG_BOOTSCRIPT_HDR_ADDR 0xec020000
-#else
-#define CONFIG_BOOTSCRIPT_HDR_ADDR 0xee020000
-#endif
-
-#endif /* #ifdef CONFIG_BOOTSCRIPT_COPY_RAM */
-
#include <config_fsl_chain_trust.h>
#endif /* #ifndef CONFIG_SPL_BUILD */
#endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
diff --git a/board/freescale/common/fsl_chain_of_trust.c b/board/freescale/common/fsl_chain_of_trust.c
index 7ffb315bc935..d31fb821817c 100644
--- a/board/freescale/common/fsl_chain_of_trust.c
+++ b/board/freescale/common/fsl_chain_of_trust.c
@@ -12,6 +12,7 @@
#include <fsl_sfp.h>
#include <log.h>
#include <dm/root.h>
+#include <asm/fsl_secure_boot.h>
#if defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_FRAMEWORK)
#include <spl.h>
@@ -76,14 +77,14 @@ int fsl_setenv_chain_of_trust(void)
/* If Boot mode is Secure, set the environment variables
* bootdelay = 0 (To disable Boot Prompt)
- * bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script)
+ * bootcmd = CHAIN_BOOT_CMD (Validate and execute Boot script)
*/
env_set("bootdelay", "-2");
#ifdef CONFIG_ARM
env_set("secureboot", "y");
#else
- env_set("bootcmd", CONFIG_CHAIN_BOOT_CMD);
+ env_set("bootcmd", CHAIN_BOOT_CMD);
#endif
return 0;
diff --git a/configs/T2080QDS_SECURE_BOOT_defconfig b/configs/T2080QDS_SECURE_BOOT_defconfig
index eebe06f8b5b4..4454377a6cb9 100644
--- a/configs/T2080QDS_SECURE_BOOT_defconfig
+++ b/configs/T2080QDS_SECURE_BOOT_defconfig
@@ -7,6 +7,7 @@ CONFIG_MPC85xx=y
CONFIG_TARGET_T2080QDS=y
CONFIG_MPC85XX_HAVE_RESET_VECTOR=y
CONFIG_ENABLE_36BIT_PHYS=y
+CONFIG_BOOTSCRIPT_HDR_ADDR=0xee020000
CONFIG_FSL_USE_PCA9547_MUX=y
CONFIG_VID=y
CONFIG_VID_FLS_ENV="t208xqds_vdd_mv"
diff --git a/include/config_fsl_chain_trust.h b/include/config_fsl_chain_trust.h
index dd01e9668941..380c906ba834 100644
--- a/include/config_fsl_chain_trust.h
+++ b/include/config_fsl_chain_trust.h
@@ -18,21 +18,21 @@
*/
#ifdef CONFIG_USE_BOOTARGS
-#define CONFIG_SET_BOOTARGS "setenv bootargs \'" CONFIG_BOOTARGS" \';"
+#define SET_BOOTARGS "setenv bootargs \'" CONFIG_BOOTARGS" \';"
#else
-#define CONFIG_SET_BOOTARGS "setenv bootargs \'root=/dev/ram " \
+#define SET_BOOTARGS "setenv bootargs \'root=/dev/ram " \
"rw console=ttyS0,115200 ramdisk_size=600000\';"
#endif
-#define CONFIG_SECBOOT \
+#define SECBOOT \
"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
- CONFIG_SET_BOOTARGS \
+ SET_BOOTARGS \
"esbc_validate $bs_hdraddr;" \
"source $img_addr;" \
"esbc_halt\0"
#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
-#define CONFIG_BS_COPY_ENV \
+#define BS_COPY_ENV \
"setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \
"setenv bs_hdr_device " __stringify(CONFIG_BS_HDR_ADDR_DEVICE)";" \
"setenv bs_hdr_size " __stringify(CONFIG_BS_HDR_SIZE)";" \
@@ -43,33 +43,28 @@
/* For secure boot flow, default environment used will be used */
#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_NAND_BOOT) || \
defined(CONFIG_SD_BOOT)
-#if defined(CONFIG_RAMBOOT_NAND) || defined(CONFIG_NAND_BOOT)
-#define CONFIG_BS_COPY_CMD \
+#if defined(CONFIG_NAND_BOOT)
+#define BS_COPY_CMD \
"nand read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
"nand read $bs_ram $bs_device $bs_size ;"
#elif defined(CONFIG_SD_BOOT)
-#define CONFIG_BS_COPY_CMD \
+#define BS_COPY_CMD \
"mmc read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
"mmc read $bs_ram $bs_device $bs_size ;"
#endif
#else
-#define CONFIG_BS_COPY_CMD \
+#define BS_COPY_CMD \
"cp.b $bs_hdr_device $bs_hdr_ram $bs_hdr_size ;" \
"cp.b $bs_device $bs_ram $bs_size ;"
#endif
+#else /* !CONFIG_BOOTSCRIPT_COPY_RAM */
+#define BS_COPY_ENV
+#define BS_COPY_CMD
#endif /* CONFIG_BOOTSCRIPT_COPY_RAM */
-#ifndef CONFIG_BS_COPY_ENV
-#define CONFIG_BS_COPY_ENV
-#endif
-
-#ifndef CONFIG_BS_COPY_CMD
-#define CONFIG_BS_COPY_CMD
-#endif
-
-#define CONFIG_CHAIN_BOOT_CMD CONFIG_BS_COPY_ENV \
- CONFIG_BS_COPY_CMD \
- CONFIG_SECBOOT
+#define CHAIN_BOOT_CMD BS_COPY_ENV \
+ BS_COPY_CMD \
+ SECBOOT
#endif
#endif
diff --git a/include/configs/P1010RDB.h b/include/configs/P1010RDB.h
index 200b88050cc7..19aebb810c7b 100644
--- a/include/configs/P1010RDB.h
+++ b/include/configs/P1010RDB.h
@@ -53,7 +53,6 @@
#endif
#ifdef CONFIG_NAND_SECBOOT /* NAND Boot */
-#define CONFIG_RAMBOOT_NAND
#define CONFIG_RESET_VECTOR_ADDRESS 0x110bfffc
#endif
@@ -348,8 +347,7 @@ extern unsigned long get_sdram_size(void);
FTIM2_GPCM_TWP(0x1f))
#define CONFIG_SYS_CS3_FTIM3 0x0
-#if defined(CONFIG_RAMBOOT_SDCARD) || defined(CONFIG_RAMBOOT_SPIFLASH) || \
- defined(CONFIG_RAMBOOT_NAND)
+#if defined(CONFIG_RAMBOOT_SDCARD) || defined(CONFIG_RAMBOOT_SPIFLASH)
#define CONFIG_SYS_RAMBOOT
#else
#undef CONFIG_SYS_RAMBOOT
diff --git a/include/configs/T104xRDB.h b/include/configs/T104xRDB.h
index f1738b32c5d6..1c2052608ec5 100644
--- a/include/configs/T104xRDB.h
+++ b/include/configs/T104xRDB.h
@@ -66,14 +66,6 @@
#define CONFIG_PCIE3 /* PCIE controller 3 */
#define CONFIG_PCIE4 /* PCIE controller 4 */
-#if defined(CONFIG_SPIFLASH)
-#elif defined(CONFIG_MTD_RAW_NAND)
-#ifdef CONFIG_NXP_ESBC
-#define CONFIG_RAMBOOT_NAND
-#define CONFIG_BOOTSCRIPT_COPY_RAM
-#endif
-#endif
-
/*
* These can be toggled for performance analysis, otherwise use default.
*/
diff --git a/include/configs/corenet_ds.h b/include/configs/corenet_ds.h
index 51bc772e2386..6a4fd90ded9a 100644
--- a/include/configs/corenet_ds.h
+++ b/include/configs/corenet_ds.h
@@ -15,17 +15,8 @@
#include "../board/freescale/common/ics307_clk.h"
#ifdef CONFIG_RAMBOOT_PBL
-#ifdef CONFIG_NXP_ESBC
#define CONFIG_RAMBOOT_TEXT_BASE CONFIG_SYS_TEXT_BASE
#define CONFIG_RESET_VECTOR_ADDRESS 0xfffffffc
-#ifdef CONFIG_MTD_RAW_NAND
-#define CONFIG_RAMBOOT_NAND
-#endif
-#define CONFIG_BOOTSCRIPT_COPY_RAM
-#else
-#define CONFIG_RAMBOOT_TEXT_BASE CONFIG_SYS_TEXT_BASE
-#define CONFIG_RESET_VECTOR_ADDRESS 0xfffffffc
-#endif
#endif
#ifdef CONFIG_SRIO_PCIE_BOOT_SLAVE
--
2.25.1
More information about the U-Boot
mailing list