xref: /openbmc/u-boot/include/config_fsl_chain_trust.h (revision 88dc40991494951015978b381bc37899fd9971d4)
1 /* SPDX-License-Identifier: GPL-2.0+ */
2 /*
3  * Copyright 2015 Freescale Semiconductor, Inc.
4  */
5 
6 #ifndef __CONFIG_FSL_CHAIN_TRUST_H
7 #define __CONFIG_FSL_CHAIN_TRUST_H
8 
9 #ifdef CONFIG_CHAIN_OF_TRUST
10 
11 #ifndef CONFIG_EXTRA_ENV
12 #define CONFIG_EXTRA_ENV	""
13 #endif
14 
15 /*
16  * Control should not reach back to uboot after validation of images
17  * for secure boot flow and therefore bootscript should have
18  * the bootm command. If control reaches back to uboot anyhow
19  * after validating images, core should just spin.
20  */
21 
22 /*
23  * Define the key hash for boot script here if public/private key pair used to
24  * sign bootscript are different from the SRK hash put in the fuse
25  * Example of defining KEY_HASH is
26  * #define CONFIG_BOOTSCRIPT_KEY_HASH \
27  *	 "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
28  */
29 
30 #ifdef CONFIG_USE_BOOTARGS
31 #define CONFIG_SET_BOOTARGS	"setenv bootargs \'" CONFIG_BOOTARGS" \';"
32 #else
33 #define CONFIG_SET_BOOTARGS	"setenv bootargs \'root=/dev/ram "	\
34 				"rw console=ttyS0,115200 ramdisk_size=600000\';"
35 #endif
36 
37 
38 #ifdef CONFIG_BOOTSCRIPT_KEY_HASH
39 #define CONFIG_SECBOOT \
40 	"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
41 	CONFIG_SET_BOOTARGS	\
42 	CONFIG_EXTRA_ENV	\
43 	"esbc_validate $bs_hdraddr " \
44 	  __stringify(CONFIG_BOOTSCRIPT_KEY_HASH)";" \
45 	"source $img_addr;"	\
46 	"esbc_halt\0"
47 #else
48 #define CONFIG_SECBOOT \
49 	"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
50 	CONFIG_SET_BOOTARGS	\
51 	CONFIG_EXTRA_ENV	\
52 	"esbc_validate $bs_hdraddr;" \
53 	"source $img_addr;"	\
54 	"esbc_halt\0"
55 #endif
56 
57 #ifdef CONFIG_BOOTSCRIPT_COPY_RAM
58 #define CONFIG_BS_COPY_ENV \
59 	"setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \
60 	"setenv bs_hdr_device " __stringify(CONFIG_BS_HDR_ADDR_DEVICE)";" \
61 	"setenv bs_hdr_size " __stringify(CONFIG_BS_HDR_SIZE)";" \
62 	"setenv bs_ram " __stringify(CONFIG_BS_ADDR_RAM)";" \
63 	"setenv bs_device " __stringify(CONFIG_BS_ADDR_DEVICE)";" \
64 	"setenv bs_size " __stringify(CONFIG_BS_SIZE)";"
65 
66 /* For secure boot flow, default environment used will be used */
67 #if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_NAND_BOOT) || \
68 	defined(CONFIG_SD_BOOT)
69 #if defined(CONFIG_RAMBOOT_NAND) || defined(CONFIG_NAND_BOOT)
70 #define CONFIG_BS_COPY_CMD \
71 	"nand read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
72 	"nand read $bs_ram $bs_device $bs_size ;"
73 #elif defined(CONFIG_SD_BOOT)
74 #define CONFIG_BS_COPY_CMD \
75 	"mmc read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
76 	"mmc read $bs_ram $bs_device $bs_size ;"
77 #endif
78 #else
79 #define CONFIG_BS_COPY_CMD \
80 	"cp.b $bs_hdr_device $bs_hdr_ram  $bs_hdr_size ;" \
81 	"cp.b $bs_device $bs_ram  $bs_size ;"
82 #endif
83 #endif /* CONFIG_BOOTSCRIPT_COPY_RAM */
84 
85 #ifndef CONFIG_BS_COPY_ENV
86 #define CONFIG_BS_COPY_ENV
87 #endif
88 
89 #ifndef CONFIG_BS_COPY_CMD
90 #define CONFIG_BS_COPY_CMD
91 #endif
92 
93 #define CONFIG_CHAIN_BOOT_CMD	CONFIG_BS_COPY_ENV \
94 				CONFIG_BS_COPY_CMD \
95 				CONFIG_SECBOOT
96 
97 #endif
98 #endif
99