From 028ac8c73355ab1340ed7ce179f08cbbae841034 Mon Sep 17 00:00:00 2001 From: Sumit Garg Date: Tue, 14 Jun 2016 13:52:38 -0400 Subject: SECURE_BOOT: Enable chain of trust in SPL framework Override jump_to_image_no_args function to include validation of u-boot image using spl_validate_uboot before jumping to u-boot image. Also define macros in SPL framework to enable crypto operations. Reviewed-by: Aneesh Bansal Signed-off-by: Sumit Garg Reviewed-by: Simon Glass Reviewed-by: York Sun --- board/freescale/common/fsl_chain_of_trust.c | 34 ++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) (limited to 'board/freescale') diff --git a/board/freescale/common/fsl_chain_of_trust.c b/board/freescale/common/fsl_chain_of_trust.c index 290536d..dea231b 100644 --- a/board/freescale/common/fsl_chain_of_trust.c +++ b/board/freescale/common/fsl_chain_of_trust.c @@ -10,6 +10,10 @@ #include #include +#if defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_FRAMEWORK) +#include +#endif + #ifdef CONFIG_ADDR_MAP #include #endif @@ -115,7 +119,7 @@ void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr) * do not use common SPL framework, so need to call this function here. */ #if defined(CONFIG_SPL_DM) && (!defined(CONFIG_SPL_FRAMEWORK)) - dm_init_and_scan(false); + dm_init_and_scan(true); #endif res = fsl_secboot_validate(hdr_addr, CONFIG_SPL_UBOOT_KEY_HASH, &img_addr); @@ -123,4 +127,32 @@ void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr) if (res == 0) printf("SPL: Validation of U-boot successful\n"); } + +#ifdef CONFIG_SPL_FRAMEWORK +/* Override weak funtion defined in SPL framework to enable validation + * of main u-boot image before jumping to u-boot image. + */ +void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image) +{ + typedef void __noreturn (*image_entry_noargs_t)(void); + uint32_t hdr_addr; + + image_entry_noargs_t image_entry = + (image_entry_noargs_t)(unsigned long)spl_image->entry_point; + + hdr_addr = (spl_image->entry_point + spl_image->size - + CONFIG_U_BOOT_HDR_SIZE); + spl_validate_uboot(hdr_addr, (uintptr_t)spl_image->entry_point); + /* + * In case of failure in validation, spl_validate_uboot would + * not return back in case of Production environment with ITS=1. + * Thus U-Boot will not start. + * In Development environment (ITS=0 and SB_EN=1), the function + * may return back in case of non-fatal failures. + */ + + debug("image entry point: 0x%X\n", spl_image->entry_point); + image_entry(); +} +#endif /* ifdef CONFIG_SPL_FRAMEWORK */ #endif /* ifdef CONFIG_SPL_BUILD */ -- cgit v1.1