From 07806e622963902efa57959a447c1dd6419e126b Mon Sep 17 00:00:00 2001
From: Sumit Garg <sumit.garg@nxp.com>
Date: Thu, 1 Sep 2016 12:56:44 -0400
Subject: ls1043ardb: PPA: add PPA validation in case of secure boot

As part of Secure Boot Chain of trust, PPA image must be validated
before the image is started.
The code for the same has been added.

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
---
 arch/arm/cpu/armv8/fsl-layerscape/ppa.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

(limited to 'arch/arm/cpu/armv8/fsl-layerscape')

diff --git a/arch/arm/cpu/armv8/fsl-layerscape/ppa.c b/arch/arm/cpu/armv8/fsl-layerscape/ppa.c
index f54ac3f..b68e87d 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/ppa.c
+++ b/arch/arm/cpu/armv8/fsl-layerscape/ppa.c
@@ -17,6 +17,9 @@
 #ifdef CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT
 #include <asm/armv8/sec_firmware.h>
 #endif
+#ifdef CONFIG_CHAIN_OF_TRUST
+#include <fsl_validate.h>
+#endif
 
 int ppa_init(void)
 {
@@ -24,12 +27,30 @@ int ppa_init(void)
 	u32 *boot_loc_ptr_l, *boot_loc_ptr_h;
 	int ret;
 
+#ifdef CONFIG_CHAIN_OF_TRUST
+	uintptr_t ppa_esbc_hdr = CONFIG_SYS_LS_PPA_ESBC_ADDR;
+	uintptr_t ppa_img_addr = 0;
+#endif
+
 #ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP
 	ppa_fit_addr = (void *)CONFIG_SYS_LS_PPA_FW_ADDR;
 #else
 #error "No CONFIG_SYS_LS_PPA_FW_IN_xxx defined"
 #endif
 
+#ifdef CONFIG_CHAIN_OF_TRUST
+	ppa_img_addr = (uintptr_t)ppa_fit_addr;
+	if (fsl_check_boot_mode_secure() != 0) {
+		ret = fsl_secboot_validate(ppa_esbc_hdr,
+					   CONFIG_PPA_KEY_HASH,
+					   &ppa_img_addr);
+		if (ret != 0)
+			printf("PPA validation failed\n");
+		else
+			printf("PPA validation Successful\n");
+	}
+#endif
+
 #ifdef CONFIG_FSL_LSCH3
 	struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR);
 	boot_loc_ptr_l = &gur->bootlocptrl;
-- 
cgit v1.1