summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAneesh Bansal <aneesh.bansal@nxp.com>2016-01-22 16:37:27 +0530
committerYork Sun <york.sun@nxp.com>2016-01-27 08:12:56 -0800
commitd0a6d7ce55ec40d23ad96b549d596afd8f70735c (patch)
tree64d3a04cc0e71aebaee1731c4eb08cced0c7e9ec
parentd041288586b05164c84794a5956ddc5fb8939115 (diff)
downloadu-boot-imx-d0a6d7ce55ec40d23ad96b549d596afd8f70735c.zip
u-boot-imx-d0a6d7ce55ec40d23ad96b549d596afd8f70735c.tar.gz
u-boot-imx-d0a6d7ce55ec40d23ad96b549d596afd8f70735c.tar.bz2
secure_boot: enable chain of trust for PowerPC platforms
Chain of Trust is enabled for PowerPC platforms for Secure Boot. CONFIG_BOARD_LATE_INIT is defined. In board_late_init(), fsl_setenv_chain_of_trust() is called which will perform the following: - If boot mode is non-secure, return (No Change) - If boot mode is secure, set the following environmet variables: bootdelay = 0 (To disable Boot Prompt) bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script) Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
-rw-r--r--arch/powerpc/cpu/mpc85xx/cpu_init.c14
-rw-r--r--arch/powerpc/include/asm/fsl_secure_boot.h7
2 files changed, 21 insertions, 0 deletions
diff --git a/arch/powerpc/cpu/mpc85xx/cpu_init.c b/arch/powerpc/cpu/mpc85xx/cpu_init.c
index 13a7d0f..d51616b 100644
--- a/arch/powerpc/cpu/mpc85xx/cpu_init.c
+++ b/arch/powerpc/cpu/mpc85xx/cpu_init.c
@@ -27,6 +27,9 @@
#include <hwconfig.h>
#include <linux/compiler.h>
#include "mp.h"
+#ifdef CONFIG_CHAIN_OF_TRUST
+#include <fsl_validate.h>
+#endif
#ifdef CONFIG_FSL_CAAM
#include <fsl_sec.h>
#endif
@@ -1009,3 +1012,14 @@ void cpu_secondary_init_r(void)
qe_reset();
#endif
}
+
+#ifdef CONFIG_BOARD_LATE_INIT
+int board_late_init(void)
+{
+#ifdef CONFIG_CHAIN_OF_TRUST
+ fsl_setenv_chain_of_trust();
+#endif
+
+ return 0;
+}
+#endif
diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h
index 41058d1..c45cace 100644
--- a/arch/powerpc/include/asm/fsl_secure_boot.h
+++ b/arch/powerpc/include/asm/fsl_secure_boot.h
@@ -87,6 +87,13 @@
#define CONFIG_FSL_CAAM
#endif
+/* fsl_setenv_chain_of_trust() must be called from
+ * board_late_init()
+ */
+#ifndef CONFIG_BOARD_LATE_INIT
+#define CONFIG_BOARD_LATE_INIT
+#endif
+
/* If Boot Script is not on NOR and is required to be copied on RAM */
#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
#define CONFIG_BS_HDR_ADDR_RAM 0x00010000