xref: /openbmc/u-boot/include/config_fsl_chain_trust.h (revision 83d290c56fab2d38cd1ab4c4cc7099559c1d5046) 
1*83d290c5STom Rini /* SPDX-License-Identifier: GPL-2.0+ */
2bdc22074SAneesh Bansal /*
3bdc22074SAneesh Bansal  * Copyright 2015 Freescale Semiconductor, Inc.
4bdc22074SAneesh Bansal  */
5bdc22074SAneesh Bansal 
6bdc22074SAneesh Bansal #ifndef __CONFIG_FSL_CHAIN_TRUST_H
7bdc22074SAneesh Bansal #define __CONFIG_FSL_CHAIN_TRUST_H
8bdc22074SAneesh Bansal 
9bdc22074SAneesh Bansal #ifdef CONFIG_CHAIN_OF_TRUST
10bdc22074SAneesh Bansal 
11bdc22074SAneesh Bansal #ifndef CONFIG_EXTRA_ENV
12bdc22074SAneesh Bansal #define CONFIG_EXTRA_ENV	""
13bdc22074SAneesh Bansal #endif
14bdc22074SAneesh Bansal 
15bdc22074SAneesh Bansal /*
16bdc22074SAneesh Bansal  * Control should not reach back to uboot after validation of images
17bdc22074SAneesh Bansal  * for secure boot flow and therefore bootscript should have
18bdc22074SAneesh Bansal  * the bootm command. If control reaches back to uboot anyhow
19bdc22074SAneesh Bansal  * after validating images, core should just spin.
20bdc22074SAneesh Bansal  */
21bdc22074SAneesh Bansal 
22bdc22074SAneesh Bansal /*
23bdc22074SAneesh Bansal  * Define the key hash for boot script here if public/private key pair used to
24bdc22074SAneesh Bansal  * sign bootscript are different from the SRK hash put in the fuse
25bdc22074SAneesh Bansal  * Example of defining KEY_HASH is
26bdc22074SAneesh Bansal  * #define CONFIG_BOOTSCRIPT_KEY_HASH \
27bdc22074SAneesh Bansal  *	 "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
28bdc22074SAneesh Bansal  */
29bdc22074SAneesh Bansal 
305abc1a45SSam Protsenko #ifdef CONFIG_USE_BOOTARGS
312bfe4890SSaksham Jain #define CONFIG_SET_BOOTARGS	"setenv bootargs \'" CONFIG_BOOTARGS" \';"
322bfe4890SSaksham Jain #else
332bfe4890SSaksham Jain #define CONFIG_SET_BOOTARGS	"setenv bootargs \'root=/dev/ram "	\
342bfe4890SSaksham Jain 				"rw console=ttyS0,115200 ramdisk_size=600000\';"
352bfe4890SSaksham Jain #endif
362bfe4890SSaksham Jain 
372bfe4890SSaksham Jain 
38bdc22074SAneesh Bansal #ifdef CONFIG_BOOTSCRIPT_KEY_HASH
39bdc22074SAneesh Bansal #define CONFIG_SECBOOT \
40bdc22074SAneesh Bansal 	"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
412bfe4890SSaksham Jain 	CONFIG_SET_BOOTARGS	\
42bdc22074SAneesh Bansal 	CONFIG_EXTRA_ENV	\
43bdc22074SAneesh Bansal 	"esbc_validate $bs_hdraddr " \
44bdc22074SAneesh Bansal 	  __stringify(CONFIG_BOOTSCRIPT_KEY_HASH)";" \
45bdc22074SAneesh Bansal 	"source $img_addr;"	\
46bdc22074SAneesh Bansal 	"esbc_halt\0"
47bdc22074SAneesh Bansal #else
48bdc22074SAneesh Bansal #define CONFIG_SECBOOT \
49bdc22074SAneesh Bansal 	"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
502bfe4890SSaksham Jain 	CONFIG_SET_BOOTARGS	\
51bdc22074SAneesh Bansal 	CONFIG_EXTRA_ENV	\
52bdc22074SAneesh Bansal 	"esbc_validate $bs_hdraddr;" \
53bdc22074SAneesh Bansal 	"source $img_addr;"	\
54bdc22074SAneesh Bansal 	"esbc_halt\0"
55bdc22074SAneesh Bansal #endif
56bdc22074SAneesh Bansal 
57bdc22074SAneesh Bansal #ifdef CONFIG_BOOTSCRIPT_COPY_RAM
58bdc22074SAneesh Bansal #define CONFIG_BS_COPY_ENV \
59bdc22074SAneesh Bansal 	"setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \
6069d4b48cSSumit Garg 	"setenv bs_hdr_device " __stringify(CONFIG_BS_HDR_ADDR_DEVICE)";" \
61bdc22074SAneesh Bansal 	"setenv bs_hdr_size " __stringify(CONFIG_BS_HDR_SIZE)";" \
62bdc22074SAneesh Bansal 	"setenv bs_ram " __stringify(CONFIG_BS_ADDR_RAM)";" \
6369d4b48cSSumit Garg 	"setenv bs_device " __stringify(CONFIG_BS_ADDR_DEVICE)";" \
64bdc22074SAneesh Bansal 	"setenv bs_size " __stringify(CONFIG_BS_SIZE)";"
65bdc22074SAneesh Bansal 
663f701cc5SSaksham Jain /* For secure boot flow, default environment used will be used */
67762f92a6SRuchika Gupta #if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_NAND_BOOT) || \
68762f92a6SRuchika Gupta 	defined(CONFIG_SD_BOOT)
69762f92a6SRuchika Gupta #if defined(CONFIG_RAMBOOT_NAND) || defined(CONFIG_NAND_BOOT)
70bdc22074SAneesh Bansal #define CONFIG_BS_COPY_CMD \
7169d4b48cSSumit Garg 	"nand read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
7269d4b48cSSumit Garg 	"nand read $bs_ram $bs_device $bs_size ;"
7369d4b48cSSumit Garg #elif defined(CONFIG_SD_BOOT)
743f701cc5SSaksham Jain #define CONFIG_BS_COPY_CMD \
7569d4b48cSSumit Garg 	"mmc read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
7669d4b48cSSumit Garg 	"mmc read $bs_ram $bs_device $bs_size ;"
77762f92a6SRuchika Gupta #endif
78762f92a6SRuchika Gupta #else
7969d4b48cSSumit Garg #define CONFIG_BS_COPY_CMD \
8069d4b48cSSumit Garg 	"cp.b $bs_hdr_device $bs_hdr_ram  $bs_hdr_size ;" \
8169d4b48cSSumit Garg 	"cp.b $bs_device $bs_ram  $bs_size ;"
82bdc22074SAneesh Bansal #endif
833f701cc5SSaksham Jain #endif /* CONFIG_BOOTSCRIPT_COPY_RAM */
84bdc22074SAneesh Bansal 
85bdc22074SAneesh Bansal #ifndef CONFIG_BS_COPY_ENV
86bdc22074SAneesh Bansal #define CONFIG_BS_COPY_ENV
87bdc22074SAneesh Bansal #endif
88bdc22074SAneesh Bansal 
89bdc22074SAneesh Bansal #ifndef CONFIG_BS_COPY_CMD
90bdc22074SAneesh Bansal #define CONFIG_BS_COPY_CMD
91bdc22074SAneesh Bansal #endif
92bdc22074SAneesh Bansal 
93bdc22074SAneesh Bansal #define CONFIG_CHAIN_BOOT_CMD	CONFIG_BS_COPY_ENV \
94bdc22074SAneesh Bansal 				CONFIG_BS_COPY_CMD \
95bdc22074SAneesh Bansal 				CONFIG_SECBOOT
96bdc22074SAneesh Bansal 
97bdc22074SAneesh Bansal #endif
98bdc22074SAneesh Bansal #endif
99