ENGR00233307 Need secure/encrypted boot for Widevine support.

* Adding the config option CONFIG_SECURE_BOOT to the SabreSD board,
but defaulting it to be disabled. Removed the CONFIG_SECURE_BOOT
key from mx6q_arm2_android.h so that it is only in one file,
include/configs/mx6q_arm2.h

* Fixed up an address alignment check in authenticate_image(). The
test would fail in the event the address is already aligned.
Also, added some debug code which can be enabled to assist in
testing secure images.

* Added support for authenticating an image when using booti.

* Adding support for secure boot to the Sabre SD board.

* Added support for encrypted boot to mx6q arm2 board linker script.

Signed-off-by: Dan Douglass <dan.douglass@freescale.com>

1 files changed, 19 insertions, 0 deletions

diff --git a/common/cmd_bootm.c b/common/cmd_bootm.c
index e3ef82d..1b15ebf 100644
--- a/common/cmd_bootm.c
+++ b/common/cmd_bootm.c
@@ -1521,6 +1521,10 @@ int do_booti(cmd_tbl_t *cmdtp, int flag, int argc, char *argv[])
 	char *ptn = "boot";
 	int mmcc = -1;
 	boot_img_hdr *hdr = (void *)boothdr;
+#ifdef CONFIG_SECURE_BOOT
+    u_int32_t load_addr;
+    uint32_t image_size;
+#endif
 
 	if (argc < 2)
 		return -1;
@@ -1669,6 +1673,21 @@ int do_booti(cmd_tbl_t *cmdtp, int flag, int argc, char *argv[])
 	printf("kernel   @ %08x (%d)\n", hdr->kernel_addr, hdr->kernel_size);
 	printf("ramdisk  @ %08x (%d)\n", hdr->ramdisk_addr, hdr->ramdisk_size);
 
+#ifdef CONFIG_SECURE_BOOT
+#define IVT_SIZE 0x20
+#define CSF_PAD_SIZE 0x2000
+	extern uint32_t authenticate_image(uint32_t ddr_start,
+					   uint32_t image_size);
+
+	image_size = hdr->ramdisk_addr + hdr->ramdisk_size - hdr->kernel_addr -
+		IVT_SIZE - CSF_PAD_SIZE;
+
+	if (authenticate_image(hdr->kernel_addr, image_size))
+		printf("Authentication Successful\n");
+	else
+		printf("Authentication Failed\n");
+#endif
+
 	do_booti_linux(hdr);
 
 	puts ("booti: Control returned to monitor - resetting...\n");