LM
/
u-boot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

secure_boot: enable chain of trust for ARM platforms 

Chain of Trust is enabled for ARM platforms (LS1021 and LS1043).
In board_late_init(), fsl_setenv_chain_of_trust() is called which
will perform the following:
- If boot mode is non-secure, return (No Change)
- If boot mode is secure, set the following environmet variables:
   bootdelay = 0 (To disable Boot Prompt)
   bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script)

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
This commit is contained in:
Aneesh Bansal 2016-01-22 16:37:26 +05:30 committed by York Sun
parent 0a6b2714ad
commit d041288586
6 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
arch/arm/cpu/armv8/fsl-layerscape/soc.c
View File

@ -12,6 +12,9 @@
#include <asm/io.h> #include <asm/io.h>
#include <asm/global_data.h> #include <asm/global_data.h>
#include <asm/arch-fsl-layerscape/config.h> #include <asm/arch-fsl-layerscape/config.h>
#ifdef CONFIG_CHAIN_OF_TRUST
#include <fsl_validate.h>
#endif
DECLARE_GLOBAL_DATA_PTR; DECLARE_GLOBAL_DATA_PTR;
@ -241,6 +244,9 @@ int board_late_init(void)
#ifdef CONFIG_SCSI_AHCI_PLAT #ifdef CONFIG_SCSI_AHCI_PLAT
sata_init(); sata_init();
#endif #endif
#ifdef CONFIG_CHAIN_OF_TRUST
fsl_setenv_chain_of_trust();
#endif
return 0; return 0;
} }

1
board/freescale/common/Makefile
View File

@ -76,5 +76,6 @@ obj-$(CONFIG_LAYERSCAPE_NS_ACCESS) += ns_access.o
ifdef CONFIG_SECURE_BOOT ifdef CONFIG_SECURE_BOOT
obj-$(CONFIG_CMD_ESBC_VALIDATE) += fsl_validate.o cmd_esbc_validate.o obj-$(CONFIG_CMD_ESBC_VALIDATE) += fsl_validate.o cmd_esbc_validate.o
endif endif
obj-$(CONFIG_CHAIN_OF_TRUST) += fsl_chain_of_trust.o
endif endif

17
board/freescale/common/fsl_chain_of_trust.c
View File

@ -51,3 +51,20 @@ int fsl_check_boot_mode_secure(void)
#endif #endif
return 0; return 0;
} }
int fsl_setenv_chain_of_trust(void)
{
/* Check Boot Mode
* If Boot Mode is Non-Secure, no changes are required
*/
if (fsl_check_boot_mode_secure() == 0)
return 0;
/* If Boot mode is Secure, set the environment variables
* bootdelay = 0 (To disable Boot Prompt)
* bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script)
*/
setenv("bootdelay", "0");
setenv("bootcmd", CONFIG_CHAIN_BOOT_CMD);
return 0;
}

4
board/freescale/ls1021aqds/ls1021aqds.c
View File

@ -22,6 +22,7 @@
#include <fsl_sec.h> #include <fsl_sec.h>
#include <spl.h> #include <spl.h>
#include <fsl_devdis.h> #include <fsl_devdis.h>
#include <fsl_validate.h>
#include "../common/sleep.h" #include "../common/sleep.h"
#include "../common/qixis.h" #include "../common/qixis.h"
@ -369,6 +370,9 @@ int board_late_init(void)
#ifdef CONFIG_SCSI_AHCI_PLAT #ifdef CONFIG_SCSI_AHCI_PLAT
ls1021a_sata_init(); ls1021a_sata_init();
#endif #endif
#ifdef CONFIG_CHAIN_OF_TRUST
fsl_setenv_chain_of_trust();
#endif
return 0; return 0;
} }

4
board/freescale/ls1021atwr/ls1021atwr.c
View File

@ -30,6 +30,7 @@
#ifdef CONFIG_U_QE #ifdef CONFIG_U_QE
#include "../../../drivers/qe/qe.h" #include "../../../drivers/qe/qe.h"
#endif #endif
#include <fsl_validate.h>
DECLARE_GLOBAL_DATA_PTR; DECLARE_GLOBAL_DATA_PTR;
@ -549,6 +550,9 @@ int board_late_init(void)
#ifdef CONFIG_SCSI_AHCI_PLAT #ifdef CONFIG_SCSI_AHCI_PLAT
ls1021a_sata_init(); ls1021a_sata_init();
#endif #endif
#ifdef CONFIG_CHAIN_OF_TRUST
fsl_setenv_chain_of_trust();
#endif
return 0; return 0;
} }

2
include/fsl_validate.h
View File

@ -205,4 +205,6 @@ int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc, int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
char * const argv[]); char * const argv[]);
int fsl_check_boot_mode_secure(void);
int fsl_setenv_chain_of_trust(void);
#endif #endif