1 /*
2  * Copyright 2015 Freescale Semiconductor, Inc.
3  *
4  * SPDX-License-Identifier:	GPL-2.0+
5  */
6 
7 #ifndef __CONFIG_FSL_CHAIN_TRUST_H
8 #define __CONFIG_FSL_CHAIN_TRUST_H
9 
10 #ifdef CONFIG_CHAIN_OF_TRUST
11 
12 #ifndef CONFIG_EXTRA_ENV
13 #define CONFIG_EXTRA_ENV	""
14 #endif
15 
16 /*
17  * Control should not reach back to uboot after validation of images
18  * for secure boot flow and therefore bootscript should have
19  * the bootm command. If control reaches back to uboot anyhow
20  * after validating images, core should just spin.
21  */
22 
23 /*
24  * Define the key hash for boot script here if public/private key pair used to
25  * sign bootscript are different from the SRK hash put in the fuse
26  * Example of defining KEY_HASH is
27  * #define CONFIG_BOOTSCRIPT_KEY_HASH \
28  *	 "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
29  */
30 
31 #ifdef CONFIG_USE_BOOTARGS
32 #define CONFIG_SET_BOOTARGS	"setenv bootargs \'" CONFIG_BOOTARGS" \';"
33 #else
34 #define CONFIG_SET_BOOTARGS	"setenv bootargs \'root=/dev/ram "	\
35 				"rw console=ttyS0,115200 ramdisk_size=600000\';"
36 #endif
37 
38 
39 #ifdef CONFIG_BOOTSCRIPT_KEY_HASH
40 #define CONFIG_SECBOOT \
41 	"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
42 	CONFIG_SET_BOOTARGS	\
43 	CONFIG_EXTRA_ENV	\
44 	"esbc_validate $bs_hdraddr " \
45 	  __stringify(CONFIG_BOOTSCRIPT_KEY_HASH)";" \
46 	"source $img_addr;"	\
47 	"esbc_halt\0"
48 #else
49 #define CONFIG_SECBOOT \
50 	"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
51 	CONFIG_SET_BOOTARGS	\
52 	CONFIG_EXTRA_ENV	\
53 	"esbc_validate $bs_hdraddr;" \
54 	"source $img_addr;"	\
55 	"esbc_halt\0"
56 #endif
57 
58 #ifdef CONFIG_BOOTSCRIPT_COPY_RAM
59 #define CONFIG_BS_COPY_ENV \
60 	"setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \
61 	"setenv bs_hdr_device " __stringify(CONFIG_BS_HDR_ADDR_DEVICE)";" \
62 	"setenv bs_hdr_size " __stringify(CONFIG_BS_HDR_SIZE)";" \
63 	"setenv bs_ram " __stringify(CONFIG_BS_ADDR_RAM)";" \
64 	"setenv bs_device " __stringify(CONFIG_BS_ADDR_DEVICE)";" \
65 	"setenv bs_size " __stringify(CONFIG_BS_SIZE)";"
66 
67 /* For secure boot flow, default environment used will be used */
68 #if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_NAND_BOOT) || \
69 	defined(CONFIG_SD_BOOT)
70 #if defined(CONFIG_RAMBOOT_NAND) || defined(CONFIG_NAND_BOOT)
71 #define CONFIG_BS_COPY_CMD \
72 	"nand read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
73 	"nand read $bs_ram $bs_device $bs_size ;"
74 #elif defined(CONFIG_SD_BOOT)
75 #define CONFIG_BS_COPY_CMD \
76 	"mmc read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
77 	"mmc read $bs_ram $bs_device $bs_size ;"
78 #endif
79 #else
80 #define CONFIG_BS_COPY_CMD \
81 	"cp.b $bs_hdr_device $bs_hdr_ram  $bs_hdr_size ;" \
82 	"cp.b $bs_device $bs_ram  $bs_size ;"
83 #endif
84 #endif /* CONFIG_BOOTSCRIPT_COPY_RAM */
85 
86 #ifndef CONFIG_BS_COPY_ENV
87 #define CONFIG_BS_COPY_ENV
88 #endif
89 
90 #ifndef CONFIG_BS_COPY_CMD
91 #define CONFIG_BS_COPY_CMD
92 #endif
93 
94 #define CONFIG_CHAIN_BOOT_CMD	CONFIG_BS_COPY_ENV \
95 				CONFIG_BS_COPY_CMD \
96 				CONFIG_SECBOOT
97 
98 #endif
99 #endif
100