summaryrefslogtreecommitdiff
path: root/board/freescale/common
diff options
context:
space:
mode:
authorAneesh Bansal <aneesh.bansal@nxp.com>2016-01-22 16:37:26 +0530
committerYork Sun <york.sun@nxp.com>2016-01-27 08:12:49 -0800
commitd041288586b05164c84794a5956ddc5fb8939115 (patch)
tree8498d20c471b0fec63aa95a1250b0e1d08d35130 /board/freescale/common
parent0a6b2714adfffce6a1497bd2ed6cbf4f7b4b0236 (diff)
downloadu-boot-imx-d041288586b05164c84794a5956ddc5fb8939115.zip
u-boot-imx-d041288586b05164c84794a5956ddc5fb8939115.tar.gz
u-boot-imx-d041288586b05164c84794a5956ddc5fb8939115.tar.bz2
secure_boot: enable chain of trust for ARM platforms
Chain of Trust is enabled for ARM platforms (LS1021 and LS1043). In board_late_init(), fsl_setenv_chain_of_trust() is called which will perform the following: - If boot mode is non-secure, return (No Change) - If boot mode is secure, set the following environmet variables: bootdelay = 0 (To disable Boot Prompt) bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script) Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
Diffstat (limited to 'board/freescale/common')
-rw-r--r--board/freescale/common/Makefile1
-rw-r--r--board/freescale/common/fsl_chain_of_trust.c17
2 files changed, 18 insertions, 0 deletions
diff --git a/board/freescale/common/Makefile b/board/freescale/common/Makefile
index 51d2814..be114ce 100644
--- a/board/freescale/common/Makefile
+++ b/board/freescale/common/Makefile
@@ -76,5 +76,6 @@ obj-$(CONFIG_LAYERSCAPE_NS_ACCESS) += ns_access.o
ifdef CONFIG_SECURE_BOOT
obj-$(CONFIG_CMD_ESBC_VALIDATE) += fsl_validate.o cmd_esbc_validate.o
endif
+obj-$(CONFIG_CHAIN_OF_TRUST) += fsl_chain_of_trust.o
endif
diff --git a/board/freescale/common/fsl_chain_of_trust.c b/board/freescale/common/fsl_chain_of_trust.c
index ff67bd7..ecfcc82 100644
--- a/board/freescale/common/fsl_chain_of_trust.c
+++ b/board/freescale/common/fsl_chain_of_trust.c
@@ -51,3 +51,20 @@ int fsl_check_boot_mode_secure(void)
#endif
return 0;
}
+
+int fsl_setenv_chain_of_trust(void)
+{
+ /* Check Boot Mode
+ * If Boot Mode is Non-Secure, no changes are required
+ */
+ if (fsl_check_boot_mode_secure() == 0)
+ return 0;
+
+ /* If Boot mode is Secure, set the environment variables
+ * bootdelay = 0 (To disable Boot Prompt)
+ * bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script)
+ */
+ setenv("bootdelay", "0");
+ setenv("bootcmd", CONFIG_CHAIN_BOOT_CMD);
+ return 0;
+}