[PATCH 4/4] powerpc: Clean up CHAIN_OF_TRUST related options

Tom Rini trini at konsulko.com
Fri Jun 17 22:24:34 CEST 2022


As things stand currently, there is only one PowerPC platform that
enables the options for CHAIN_OF_TRUST.  From the board header files,
remove a number of never-set options.  Remove board specific values from
arch/powerpc/include/asm/fsl_secure_boot.h as well.  Rework
include/config_fsl_chain_trust.h to not abuse the CONFIG namespace for
constructing CHAIN_BOOT_CMD.  Migrate all of the configurable addresses
to Kconfig.

If any platforms are re-introduced with secure boot support, everything
required should still be here, either already in Kconfig or as an option
that still needs to be migrated to Kconfig.

Cc: Peng Fan <peng.fan at nxp.com>
Signed-off-by: Tom Rini <trini at konsulko.com>
---
 arch/Kconfig.nxp                            | 40 +++++++++++++++++++
 arch/powerpc/include/asm/fsl_secure_boot.h  | 43 +--------------------
 board/freescale/common/fsl_chain_of_trust.c |  5 ++-
 configs/T2080QDS_SECURE_BOOT_defconfig      |  1 +
 include/config_fsl_chain_trust.h            | 35 +++++++----------
 include/configs/P1010RDB.h                  |  4 +-
 include/configs/T104xRDB.h                  |  8 ----
 include/configs/corenet_ds.h                |  9 -----
 8 files changed, 61 insertions(+), 84 deletions(-)

diff --git a/arch/Kconfig.nxp b/arch/Kconfig.nxp
index 5ec0ee076eb1..7a35560282fb 100644
--- a/arch/Kconfig.nxp
+++ b/arch/Kconfig.nxp
@@ -74,6 +74,46 @@ config SPL_UBOOT_KEY_HASH
 	  41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b.
 	  Otherwise leave this empty.
 
+if PPC
+
+config BOOTSCRIPT_COPY_RAM
+	bool "Secure boot copies boot script to RAM"
+	help
+	  On systems that support chain of trust booting, a number of addresses
+	  are required to set variables that are used in the copying and then
+	  verification of different parts of the system.  If enabled, the subsequent
+	  options are for what location to use in each step.
+
+config BS_ADDR_DEVICE
+	hex "Address in RAM for bs_device"
+	depends on BOOTSCRIPT_COPY_RAM
+
+config BS_SIZE
+	hex "The size of bs_size which is the amount read from bs_device"
+	depends on BOOTSCRIPT_COPY_RAM
+
+config BS_ADDR_RAM
+	hex "Address in RAM for bs_ram"
+	depends on BOOTSCRIPT_COPY_RAM
+
+config BS_HDR_ADDR_DEVICE
+	hex "Address in RAM for bs_hdr_device"
+	depends on BOOTSCRIPT_COPY_RAM
+
+config BS_HDR_SIZE
+	hex "The size of bs_hdr_size which is the amount read from bs_hdr_device"
+	depends on BOOTSCRIPT_COPY_RAM
+
+config BS_HDR_ADDR_RAM
+	hex "Address in RAM for bs_hdr_ram"
+	depends on BOOTSCRIPT_COPY_RAM
+
+config BOOTSCRIPT_HDR_ADDR
+	hex "CONFIG_BOOTSCRIPT_HDR_ADDR"
+	default BS_ADDR_RAM if BOOTSCRIPT_COPY_RAM
+
+endif
+
 config SYS_FSL_SRK_LE
 	def_bool y
 	depends on ARM
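Review bot: The default for BOOTSCRIPT_HDR_ADDR points at `BS_ADDR_RAM`, but the header code removed by this patch had `#define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_RAM`, so with BOOTSCRIPT_COPY_RAM enabled `bs_hdraddr` (the argument to `esbc_validate`) would default to the boot script body instead of its header; it should read `default BS_HDR_ADDR_RAM if BOOTSCRIPT_COPY_RAM`. The six BS_* hex symbols also lose the values the header used to supply (0x00010000, 0x00800000, 0x00002000, 0x00012000, 0x00802000, 0x00001000), so a board enabling BOOTSCRIPT_COPY_RAM must now set every one by hand; carrying them over as `default` lines would keep the old behaviour. The prompts for BS_ADDR_DEVICE and BS_HDR_ADDR_DEVICE say "Address in RAM" although the copy commands in config_fsl_chain_trust.h use them as the device-side source. BOOTSCRIPT_HDR_ADDR has its own symbol name as prompt and no help text; a prompt such as `hex "Address of the boot script header passed to esbc_validate"` would document it.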
diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h
index c062fa5c191c..a96a1ac5d77e 100644
--- a/arch/powerpc/include/asm/fsl_secure_boot.h
+++ b/arch/powerpc/include/asm/fsl_secure_boot.h
@@ -10,19 +10,12 @@
 #ifdef CONFIG_NXP_ESBC
 #if defined(CONFIG_FSL_CORENET)
 #define CONFIG_SYS_PBI_FLASH_BASE		0xc0000000
-#elif defined(CONFIG_TARGET_BSC9132QDS)
-#define CONFIG_SYS_PBI_FLASH_BASE		0xc8000000
-#elif defined(CONFIG_TARGET_C29XPCIE)
-#define CONFIG_SYS_PBI_FLASH_BASE		0xcc000000
 #else
 #define CONFIG_SYS_PBI_FLASH_BASE		0xce000000
 #endif
 #define CONFIG_SYS_PBI_FLASH_WINDOW		0xcff80000
 
-#if defined(CONFIG_TARGET_B4860QDS) || \
-	defined(CONFIG_TARGET_B4420QDS) || \
-	defined(CONFIG_TARGET_T4240QDS) || \
-	defined(CONFIG_TARGET_T2080QDS) || \
+#if defined(CONFIG_TARGET_T2080QDS) || \
 	defined(CONFIG_TARGET_T2080RDB) || \
 	defined(CONFIG_TARGET_T1042RDB) || \
 	defined(CONFIG_TARGET_T1042D4RDB) || \
@@ -78,40 +71,6 @@
 #endif /* ifdef CONFIG_SPL_BUILD */
 
 #ifndef CONFIG_SPL_BUILD
-/*
- * fsl_setenv_chain_of_trust() must be called from
- * board_late_init()
- */
-
-/* If Boot Script is not on NOR and is required to be copied on RAM */
-#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
-#define CONFIG_BS_HDR_ADDR_RAM		0x00010000
-#define CONFIG_BS_HDR_ADDR_DEVICE	0x00800000
-#define CONFIG_BS_HDR_SIZE		0x00002000
-#define CONFIG_BS_ADDR_RAM		0x00012000
-#define CONFIG_BS_ADDR_DEVICE		0x00802000
-#define CONFIG_BS_SIZE			0x00001000
-
-#define CONFIG_BOOTSCRIPT_HDR_ADDR	CONFIG_BS_HDR_ADDR_RAM
-#else
-
-/* The bootscript header address is different for B4860 because the NOR
- * mapping is different on B4 due to reduced NOR size.
- */
-#if defined(CONFIG_TARGET_B4860QDS) || defined(CONFIG_TARGET_B4420QDS)
-#define CONFIG_BOOTSCRIPT_HDR_ADDR	0xecc00000
-#elif defined(CONFIG_FSL_CORENET)
-#define CONFIG_BOOTSCRIPT_HDR_ADDR	0xe8e00000
-#elif defined(CONFIG_TARGET_BSC9132QDS)
-#define CONFIG_BOOTSCRIPT_HDR_ADDR	0x88020000
-#elif defined(CONFIG_TARGET_C29XPCIE)
-#define CONFIG_BOOTSCRIPT_HDR_ADDR	0xec020000
-#else
-#define CONFIG_BOOTSCRIPT_HDR_ADDR	0xee020000
-#endif
-
-#endif /* #ifdef CONFIG_BOOTSCRIPT_COPY_RAM */
-
 #include <config_fsl_chain_trust.h>
 #endif /* #ifndef CONFIG_SPL_BUILD */
 #endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
diff --git a/board/freescale/common/fsl_chain_of_trust.c b/board/freescale/common/fsl_chain_of_trust.c
index 7ffb315bc935..d31fb821817c 100644
--- a/board/freescale/common/fsl_chain_of_trust.c
+++ b/board/freescale/common/fsl_chain_of_trust.c
@@ -12,6 +12,7 @@
 #include <fsl_sfp.h>
 #include <log.h>
 #include <dm/root.h>
+#include <asm/fsl_secure_boot.h>
 
 #if defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_FRAMEWORK)
 #include <spl.h>
@@ -76,14 +77,14 @@ int fsl_setenv_chain_of_trust(void)
 
 	/* If Boot mode is Secure, set the environment variables
 	 * bootdelay = 0 (To disable Boot Prompt)
-	 * bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script)
+	 * bootcmd = CHAIN_BOOT_CMD (Validate and execute Boot script)
 	 */
 	env_set("bootdelay", "-2");
 
 #ifdef CONFIG_ARM
 	env_set("secureboot", "y");
 #else
-	env_set("bootcmd", CONFIG_CHAIN_BOOT_CMD);
+	env_set("bootcmd", CHAIN_BOOT_CMD);
 #endif
 
 	return 0;
diff --git a/configs/T2080QDS_SECURE_BOOT_defconfig b/configs/T2080QDS_SECURE_BOOT_defconfig
index eebe06f8b5b4..4454377a6cb9 100644
--- a/configs/T2080QDS_SECURE_BOOT_defconfig
+++ b/configs/T2080QDS_SECURE_BOOT_defconfig
@@ -7,6 +7,7 @@ CONFIG_MPC85xx=y
 CONFIG_TARGET_T2080QDS=y
 CONFIG_MPC85XX_HAVE_RESET_VECTOR=y
 CONFIG_ENABLE_36BIT_PHYS=y
+CONFIG_BOOTSCRIPT_HDR_ADDR=0xee020000
 CONFIG_FSL_USE_PCA9547_MUX=y
 CONFIG_VID=y
 CONFIG_VID_FLS_ENV="t208xqds_vdd_mv"
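Review bot: The value 0xee020000 added here is the final `#else` fallback of the removed header block, whereas that block chose 0xe8e00000 whenever CONFIG_FSL_CORENET was defined and CONFIG_BS_HDR_ADDR_RAM when CONFIG_BOOTSCRIPT_COPY_RAM was. Whether T2080QDS sets FSL_CORENET is not visible in this patch, so it is worth confirming against a pre-patch build that `bs_hdraddr` is unchanged for this board. If the signed header actually lives at a different address, `esbc_validate` would presumably be pointed at the wrong location and the secure boot flow would halt at validation.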
diff --git a/include/config_fsl_chain_trust.h b/include/config_fsl_chain_trust.h
index dd01e9668941..380c906ba834 100644
--- a/include/config_fsl_chain_trust.h
+++ b/include/config_fsl_chain_trust.h
@@ -18,21 +18,21 @@
  */
 
 #ifdef CONFIG_USE_BOOTARGS
-#define CONFIG_SET_BOOTARGS	"setenv bootargs \'" CONFIG_BOOTARGS" \';"
+#define SET_BOOTARGS	"setenv bootargs \'" CONFIG_BOOTARGS" \';"
 #else
-#define CONFIG_SET_BOOTARGS	"setenv bootargs \'root=/dev/ram "	\
+#define SET_BOOTARGS	"setenv bootargs \'root=/dev/ram "	\
 				"rw console=ttyS0,115200 ramdisk_size=600000\';"
 #endif
 
-#define CONFIG_SECBOOT \
+#define SECBOOT \
 	"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
-	CONFIG_SET_BOOTARGS	\
+	SET_BOOTARGS	\
 	"esbc_validate $bs_hdraddr;" \
 	"source $img_addr;"	\
 	"esbc_halt\0"
 
 #ifdef CONFIG_BOOTSCRIPT_COPY_RAM
-#define CONFIG_BS_COPY_ENV \
+#define BS_COPY_ENV \
 	"setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \
 	"setenv bs_hdr_device " __stringify(CONFIG_BS_HDR_ADDR_DEVICE)";" \
 	"setenv bs_hdr_size " __stringify(CONFIG_BS_HDR_SIZE)";" \
@@ -43,33 +43,28 @@
 /* For secure boot flow, default environment used will be used */
 #if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_NAND_BOOT) || \
 	defined(CONFIG_SD_BOOT)
-#if defined(CONFIG_RAMBOOT_NAND) || defined(CONFIG_NAND_BOOT)
-#define CONFIG_BS_COPY_CMD \
+#if defined(CONFIG_NAND_BOOT)
+#define BS_COPY_CMD \
 	"nand read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
 	"nand read $bs_ram $bs_device $bs_size ;"
 #elif defined(CONFIG_SD_BOOT)
-#define CONFIG_BS_COPY_CMD \
+#define BS_COPY_CMD \
 	"mmc read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
 	"mmc read $bs_ram $bs_device $bs_size ;"
 #endif
 #else
-#define CONFIG_BS_COPY_CMD \
+#define BS_COPY_CMD \
 	"cp.b $bs_hdr_device $bs_hdr_ram  $bs_hdr_size ;" \
 	"cp.b $bs_device $bs_ram  $bs_size ;"
 #endif
+#else /* !CONFIG_BOOTSCRIPT_COPY_RAM */
+#define BS_COPY_ENV
+#define BS_COPY_CMD
 #endif /* CONFIG_BOOTSCRIPT_COPY_RAM */
 
-#ifndef CONFIG_BS_COPY_ENV
-#define CONFIG_BS_COPY_ENV
-#endif
-
-#ifndef CONFIG_BS_COPY_CMD
-#define CONFIG_BS_COPY_CMD
-#endif
-
-#define CONFIG_CHAIN_BOOT_CMD	CONFIG_BS_COPY_ENV \
-				CONFIG_BS_COPY_CMD \
-				CONFIG_SECBOOT
+#define CHAIN_BOOT_CMD	BS_COPY_ENV \
+			BS_COPY_CMD \
+			SECBOOT
 
 #endif
 #endif
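Review bot: BS_COPY_CMD can now be left undefined: with CONFIG_BOOTSCRIPT_COPY_RAM and CONFIG_SYS_RAMBOOT set but neither CONFIG_NAND_BOOT nor CONFIG_SD_BOOT, the inner `#if`/`#elif` defines nothing, and the empty fallback has moved into the `#else /* !CONFIG_BOOTSCRIPT_COPY_RAM */` branch. Before this change the trailing `#ifndef CONFIG_BS_COPY_CMD` covered that case (and CONFIG_RAMBOOT_NAND selected the nand copy), so such a configuration would now fail only where CHAIN_BOOT_CMD is expanded in fsl_setenv_chain_of_trust(), with an unhelpful error. An explicit branch after the `mmc read` definition, `#else` followed by `#error "BOOTSCRIPT_COPY_RAM: no boot script copy command for this boot medium"`, makes the failure clear and is safer than an empty command that leaves `esbc_validate` running on whatever is already in RAM. The enclosing `#ifdef CONFIG_BOOTSCRIPT_COPY_RAM` opens above this hunk.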
diff --git a/include/configs/P1010RDB.h b/include/configs/P1010RDB.h
index 200b88050cc7..19aebb810c7b 100644
--- a/include/configs/P1010RDB.h
+++ b/include/configs/P1010RDB.h
@@ -53,7 +53,6 @@
 #endif
 
 #ifdef CONFIG_NAND_SECBOOT	/* NAND Boot */
-#define CONFIG_RAMBOOT_NAND
 #define CONFIG_RESET_VECTOR_ADDRESS	0x110bfffc
 #endif
 
@@ -348,8 +347,7 @@ extern unsigned long get_sdram_size(void);
 					FTIM2_GPCM_TWP(0x1f))
 #define CONFIG_SYS_CS3_FTIM3		0x0
 
-#if defined(CONFIG_RAMBOOT_SDCARD) || defined(CONFIG_RAMBOOT_SPIFLASH) || \
-	defined(CONFIG_RAMBOOT_NAND)
+#if defined(CONFIG_RAMBOOT_SDCARD) || defined(CONFIG_RAMBOOT_SPIFLASH)
 #define CONFIG_SYS_RAMBOOT
 #else
 #undef CONFIG_SYS_RAMBOOT
diff --git a/include/configs/T104xRDB.h b/include/configs/T104xRDB.h
index f1738b32c5d6..1c2052608ec5 100644
--- a/include/configs/T104xRDB.h
+++ b/include/configs/T104xRDB.h
@@ -66,14 +66,6 @@
 #define CONFIG_PCIE3			/* PCIE controller 3 */
 #define CONFIG_PCIE4			/* PCIE controller 4 */
 
-#if defined(CONFIG_SPIFLASH)
-#elif defined(CONFIG_MTD_RAW_NAND)
-#ifdef CONFIG_NXP_ESBC
-#define CONFIG_RAMBOOT_NAND
-#define CONFIG_BOOTSCRIPT_COPY_RAM
-#endif
-#endif
-
 /*
  * These can be toggled for performance analysis, otherwise use default.
  */
diff --git a/include/configs/corenet_ds.h b/include/configs/corenet_ds.h
index 51bc772e2386..6a4fd90ded9a 100644
--- a/include/configs/corenet_ds.h
+++ b/include/configs/corenet_ds.h
@@ -15,17 +15,8 @@
 #include "../board/freescale/common/ics307_clk.h"
 
 #ifdef CONFIG_RAMBOOT_PBL
-#ifdef CONFIG_NXP_ESBC
 #define CONFIG_RAMBOOT_TEXT_BASE	CONFIG_SYS_TEXT_BASE
 #define CONFIG_RESET_VECTOR_ADDRESS	0xfffffffc
-#ifdef CONFIG_MTD_RAW_NAND
-#define CONFIG_RAMBOOT_NAND
-#endif
-#define CONFIG_BOOTSCRIPT_COPY_RAM
-#else
-#define CONFIG_RAMBOOT_TEXT_BASE	CONFIG_SYS_TEXT_BASE
-#define CONFIG_RESET_VECTOR_ADDRESS	0xfffffffc
-#endif
 #endif
 
 #ifdef CONFIG_SRIO_PCIE_BOOT_SLAVE
-- 
2.25.1


