[people/ms/u-boot.git] / arch / arm / include / asm / fsl_secure_boot.h

/*
 * Copyright 2015 Freescale Semiconductor, Inc.
 *
 * SPDX-License-Identifier:	GPL-2.0+
 */

#ifndef __FSL_SECURE_BOOT_H
#define __FSL_SECURE_BOOT_H

#ifdef CONFIG_CHAIN_OF_TRUST
#define CONFIG_CMD_ESBC_VALIDATE
#define CONFIG_FSL_SEC_MON
#define CONFIG_SHA_HW_ACCEL
#define CONFIG_SHA_PROG_HW_ACCEL

#define CONFIG_SPL_BOARD_INIT
#ifdef CONFIG_SPL_BUILD
/*
 * Define the key hash for U-Boot here if public/private key pair used to
 * sign U-boot are different from the SRK hash put in the fuse
 * Example of defining KEY_HASH is
 * #define CONFIG_SPL_UBOOT_KEY_HASH \
 *      "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
 * else leave it defined as NULL
 */

#define CONFIG_SPL_UBOOT_KEY_HASH	NULL
#endif /* ifdef CONFIG_SPL_BUILD */

#define CONFIG_KEY_REVOCATION

#ifndef CONFIG_SPL_BUILD
#define CONFIG_CMD_BLOB
#define CONFIG_CMD_HASH
#ifndef CONFIG_SYS_RAMBOOT
/* The key used for verification of next level images
 * is picked up from an Extension Table which has
 * been verified by the ISBC (Internal Secure boot Code)
 * in boot ROM of the SoC.
 * The feature is only applicable in case of NOR boot and is
 * not applicable in case of RAMBOOT (NAND, SD, SPI).
 * For LS, this feature is available for all device if IE Table
 * is copied to XIP memory
 * Also, for LS, ISBC doesn't verify this table.
 */
#define CONFIG_FSL_ISBC_KEY_EXT

#endif

#if defined(CONFIG_FSL_LAYERSCAPE)
/*
 * For fsl layerscape based platforms, ESBC image Address in Header
 * is 64 bit.
 */
#define CONFIG_ESBC_ADDR_64BIT
#endif

#ifdef CONFIG_LS2080A
#define CONFIG_EXTRA_ENV \
	"setenv fdt_high 0xa0000000;"	\
	"setenv initrd_high 0xcfffffff;"	\
	"setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';"
#else
#define CONFIG_EXTRA_ENV \
	"setenv fdt_high 0xffffffff;"	\
	"setenv initrd_high 0xffffffff;"	\
	"setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';"
#endif

/* Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from
 * Non-XIP Memory (Nand/SD)*/
#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_FSL_LSCH3) || \
	defined(CONFIG_SD_BOOT) || defined(CONFIG_NAND_BOOT)
#define CONFIG_BOOTSCRIPT_COPY_RAM
#endif
/* The address needs to be modified according to NOR, NAND, SD and
 * DDR memory map
 */
#ifdef CONFIG_FSL_LSCH3
#define CONFIG_BS_HDR_ADDR_DEVICE	0x580d00000
#define CONFIG_BS_ADDR_DEVICE		0x580e00000
#define CONFIG_BS_HDR_ADDR_RAM		0xa0d00000
#define CONFIG_BS_ADDR_RAM		0xa0e00000
#define CONFIG_BS_HDR_SIZE		0x00002000
#define CONFIG_BS_SIZE			0x00001000
#else
#ifdef CONFIG_SD_BOOT
/* For SD boot address and size are assigned in terms of sector
 * offset and no. of sectors respectively.
 */
#if defined(CONFIG_LS1043A)
#define CONFIG_BS_HDR_ADDR_DEVICE	0x00000920
#else
#define CONFIG_BS_HDR_ADDR_DEVICE       0x00000900
#endif
#define CONFIG_BS_ADDR_DEVICE		0x00000940
#define CONFIG_BS_HDR_SIZE		0x00000010
#define CONFIG_BS_SIZE			0x00000008
#elif defined(CONFIG_NAND_BOOT)
#define CONFIG_BS_HDR_ADDR_DEVICE      0x00800000
#define CONFIG_BS_ADDR_DEVICE          0x00802000
#define CONFIG_BS_HDR_SIZE             0x00002000
#define CONFIG_BS_SIZE                 0x00001000
#elif defined(CONFIG_QSPI_BOOT)
#ifdef CONFIG_ARCH_LS1046A
#define CONFIG_BS_HDR_ADDR_DEVICE	0x40780000
#define CONFIG_BS_ADDR_DEVICE		0x40800000
#elif defined(CONFIG_ARCH_LS1012A)
#define CONFIG_BS_HDR_ADDR_DEVICE      0x400c0000
#define CONFIG_BS_ADDR_DEVICE          0x40060000
#else
#error "Platform not supported"
#endif
#define CONFIG_BS_HDR_SIZE		0x00002000
#define CONFIG_BS_SIZE			0x00001000
#else /* Default NOR Boot */
#define CONFIG_BS_HDR_ADDR_DEVICE	0x600a0000
#define CONFIG_BS_ADDR_DEVICE		0x60060000
#define CONFIG_BS_HDR_SIZE		0x00002000
#define CONFIG_BS_SIZE			0x00001000
#endif
#define CONFIG_BS_HDR_ADDR_RAM		0x81000000
#define CONFIG_BS_ADDR_RAM		0x81020000
#endif

#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
#define CONFIG_BOOTSCRIPT_HDR_ADDR	CONFIG_BS_HDR_ADDR_RAM
#define CONFIG_BOOTSCRIPT_ADDR		CONFIG_BS_ADDR_RAM
#else
#define CONFIG_BOOTSCRIPT_HDR_ADDR	CONFIG_BS_HDR_ADDR_DEVICE
/* BOOTSCRIPT_ADDR is not required */
#endif

#ifdef CONFIG_FSL_LS_PPA
/* Define the key hash here if SRK used for signing PPA image is
 * different from SRK hash put in SFP used for U-Boot.
 * Example
 * #define PPA_KEY_HASH \
 *	"41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
 */
#define PPA_KEY_HASH		NULL
#endif /* ifdef CONFIG_FSL_LS_PPA */

#include <config_fsl_chain_trust.h>
#endif /* #ifndef CONFIG_SPL_BUILD */
#endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
#endif
Commit	Line	Data
	1	/*
	2	* Copyright 2015 Freescale Semiconductor, Inc.
	3	*
	4	* SPDX-License-Identifier: GPL-2.0+
	5	*/
	6
	7	#ifndef __FSL_SECURE_BOOT_H
	8	#define __FSL_SECURE_BOOT_H
	9
	10	#ifdef CONFIG_CHAIN_OF_TRUST
	11	#define CONFIG_CMD_ESBC_VALIDATE
	12	#define CONFIG_FSL_SEC_MON
	13	#define CONFIG_SHA_HW_ACCEL
	14	#define CONFIG_SHA_PROG_HW_ACCEL
	15
	16	#define CONFIG_SPL_BOARD_INIT
	17	#ifdef CONFIG_SPL_BUILD
	18	/*
	19	* Define the key hash for U-Boot here if public/private key pair used to
	20	* sign U-boot are different from the SRK hash put in the fuse
	21	* Example of defining KEY_HASH is
	22	* #define CONFIG_SPL_UBOOT_KEY_HASH \
	23	* "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
	24	* else leave it defined as NULL
	25	*/
	26
	27	#define CONFIG_SPL_UBOOT_KEY_HASH NULL
	28	#endif /* ifdef CONFIG_SPL_BUILD */
	29
	30	#define CONFIG_KEY_REVOCATION
	31
	32	#ifndef CONFIG_SPL_BUILD
	33	#define CONFIG_CMD_BLOB
	34	#define CONFIG_CMD_HASH
	35	#ifndef CONFIG_SYS_RAMBOOT
	36	/* The key used for verification of next level images
	37	* is picked up from an Extension Table which has
	38	* been verified by the ISBC (Internal Secure boot Code)
	39	* in boot ROM of the SoC.
	40	* The feature is only applicable in case of NOR boot and is
	41	* not applicable in case of RAMBOOT (NAND, SD, SPI).
	42	* For LS, this feature is available for all device if IE Table
	43	* is copied to XIP memory
	44	* Also, for LS, ISBC doesn't verify this table.
	45	*/
	46	#define CONFIG_FSL_ISBC_KEY_EXT
	47
	48	#endif
	49
	50	#if defined(CONFIG_FSL_LAYERSCAPE)
	51	/*
	52	* For fsl layerscape based platforms, ESBC image Address in Header
	53	* is 64 bit.
	54	*/
	55	#define CONFIG_ESBC_ADDR_64BIT
	56	#endif
	57
	58	#ifdef CONFIG_LS2080A
	59	#define CONFIG_EXTRA_ENV \
	60	"setenv fdt_high 0xa0000000;" \
	61	"setenv initrd_high 0xcfffffff;" \
	62	"setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';"
	63	#else
	64	#define CONFIG_EXTRA_ENV \
	65	"setenv fdt_high 0xffffffff;" \
	66	"setenv initrd_high 0xffffffff;" \
	67	"setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';"
	68	#endif
	69
	70	/* Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from
	71	* Non-XIP Memory (Nand/SD)*/
	72	#if defined(CONFIG_SYS_RAMBOOT) \|\| defined(CONFIG_FSL_LSCH3) \|\| \
	73	defined(CONFIG_SD_BOOT) \|\| defined(CONFIG_NAND_BOOT)
	74	#define CONFIG_BOOTSCRIPT_COPY_RAM
	75	#endif
	76	/* The address needs to be modified according to NOR, NAND, SD and
	77	* DDR memory map
	78	*/
	79	#ifdef CONFIG_FSL_LSCH3
	80	#define CONFIG_BS_HDR_ADDR_DEVICE 0x580d00000
	81	#define CONFIG_BS_ADDR_DEVICE 0x580e00000
	82	#define CONFIG_BS_HDR_ADDR_RAM 0xa0d00000
	83	#define CONFIG_BS_ADDR_RAM 0xa0e00000
	84	#define CONFIG_BS_HDR_SIZE 0x00002000
	85	#define CONFIG_BS_SIZE 0x00001000
	86	#else
	87	#ifdef CONFIG_SD_BOOT
	88	/* For SD boot address and size are assigned in terms of sector
	89	* offset and no. of sectors respectively.
	90	*/
	91	#if defined(CONFIG_LS1043A)
	92	#define CONFIG_BS_HDR_ADDR_DEVICE 0x00000920
	93	#else
	94	#define CONFIG_BS_HDR_ADDR_DEVICE 0x00000900
	95	#endif
	96	#define CONFIG_BS_ADDR_DEVICE 0x00000940
	97	#define CONFIG_BS_HDR_SIZE 0x00000010
	98	#define CONFIG_BS_SIZE 0x00000008
	99	#elif defined(CONFIG_NAND_BOOT)
	100	#define CONFIG_BS_HDR_ADDR_DEVICE 0x00800000
	101	#define CONFIG_BS_ADDR_DEVICE 0x00802000
	102	#define CONFIG_BS_HDR_SIZE 0x00002000
	103	#define CONFIG_BS_SIZE 0x00001000
	104	#elif defined(CONFIG_QSPI_BOOT)
	105	#ifdef CONFIG_ARCH_LS1046A
	106	#define CONFIG_BS_HDR_ADDR_DEVICE 0x40780000
	107	#define CONFIG_BS_ADDR_DEVICE 0x40800000
	108	#elif defined(CONFIG_ARCH_LS1012A)
	109	#define CONFIG_BS_HDR_ADDR_DEVICE 0x400c0000
	110	#define CONFIG_BS_ADDR_DEVICE 0x40060000
	111	#else
	112	#error "Platform not supported"
	113	#endif
	114	#define CONFIG_BS_HDR_SIZE 0x00002000
	115	#define CONFIG_BS_SIZE 0x00001000
	116	#else /* Default NOR Boot */
	117	#define CONFIG_BS_HDR_ADDR_DEVICE 0x600a0000
	118	#define CONFIG_BS_ADDR_DEVICE 0x60060000
	119	#define CONFIG_BS_HDR_SIZE 0x00002000
	120	#define CONFIG_BS_SIZE 0x00001000
	121	#endif
	122	#define CONFIG_BS_HDR_ADDR_RAM 0x81000000
	123	#define CONFIG_BS_ADDR_RAM 0x81020000
	124	#endif
	125
	126	#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
	127	#define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_RAM
	128	#define CONFIG_BOOTSCRIPT_ADDR CONFIG_BS_ADDR_RAM
	129	#else
	130	#define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_DEVICE
	131	/* BOOTSCRIPT_ADDR is not required */
	132	#endif
	133
	134	#ifdef CONFIG_FSL_LS_PPA
	135	/* Define the key hash here if SRK used for signing PPA image is
	136	* different from SRK hash put in SFP used for U-Boot.
	137	* Example
	138	* #define PPA_KEY_HASH \
	139	* "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
	140	*/
	141	#define PPA_KEY_HASH NULL
	142	#endif /* ifdef CONFIG_FSL_LS_PPA */
	143
	144	#include <config_fsl_chain_trust.h>
	145	#endif /* #ifndef CONFIG_SPL_BUILD */
	146	#endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
	147	#endif