include/config_fsl_secboot.h

   1 /*
   2  * Copyright 2015 Freescale Semiconductor, Inc.
   3  *
   4  * SPDX-License-Identifier:     GPL-2.0+
   5  */
   6
   7 #ifndef __CONFIG_FSL_SECBOOT_H
   8 #define __CONFIG_FSL_SECBOOT_H
   9
  10 #ifdef CONFIG_SECURE_BOOT
  11
  12 #ifndef CONFIG_CMD_ESBC_VALIDATE
  13 #define CONFIG_CMD_ESBC_VALIDATE
  14 #endif
  15
  16 #ifndef CONFIG_EXTRA_ENV
  17 #define CONFIG_EXTRA_ENV        ""
  18 #endif
  19
  20 /*
  21  * Control should not reach back to uboot after validation of images
  22  * for secure boot flow and therefore bootscript should have
  23  * the bootm command. If control reaches back to uboot anyhow
  24  * after validating images, core should just spin.
  25  */
  26
  27 /*
  28  * Define the key hash for boot script here if public/private key pair used to
  29  * sign bootscript are different from the SRK hash put in the fuse
  30  * Example of defining KEY_HASH is
  31  * #define CONFIG_BOOTSCRIPT_KEY_HASH \
  32  *       "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
  33  */
  34
  35 #ifdef CONFIG_BOOTSCRIPT_KEY_HASH
  36 #define CONFIG_SECBOOT \
  37         "setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
  38         "setenv bootargs \'root=/dev/ram rw console=ttyS0,115200 "      \
  39         "ramdisk_size=600000\';"        \
  40         CONFIG_EXTRA_ENV        \
  41         "esbc_validate $bs_hdraddr " \
  42           __stringify(CONFIG_BOOTSCRIPT_KEY_HASH)";" \
  43         "source $img_addr;"     \
  44         "esbc_halt\0"
  45 #else
  46 #define CONFIG_SECBOOT \
  47         "setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
  48         "setenv bootargs \'root=/dev/ram rw console=ttyS0,115200 "      \
  49         "ramdisk_size=600000\';"        \
  50         CONFIG_EXTRA_ENV        \
  51         "esbc_validate $bs_hdraddr;" \
  52         "source $img_addr;"     \
  53         "esbc_halt\0"
  54 #endif
  55
  56 /* For secure boot flow, default environment used will be used */
  57 #if defined(CONFIG_SYS_RAMBOOT)
  58 #if defined(CONFIG_RAMBOOT_SPIFLASH)
  59 #undef CONFIG_ENV_IS_IN_SPI_FLASH
  60 #elif defined(CONFIG_RAMBOOT_NAND)
  61 #undef CONFIG_ENV_IS_IN_NAND
  62 #elif defined(CONFIG_RAMBOOT_SDCARD)
  63 #undef CONFIG_ENV_IS_IN_MMC
  64 #endif
  65 #else /*CONFIG_SYS_RAMBOOT*/
  66 #undef CONFIG_ENV_IS_IN_FLASH
  67 #endif
  68
  69 #define CONFIG_ENV_IS_NOWHERE
  70
  71 /*
  72  * We don't want boot delay for secure boot flow
  73  * before autoboot starts
  74  */
  75 #undef CONFIG_BOOTDELAY
  76 #define CONFIG_BOOTDELAY        0
  77 #undef CONFIG_BOOTCOMMAND
  78 #define CONFIG_BOOTCOMMAND              CONFIG_SECBOOT
  79
  80 /*
  81  * CONFIG_ZERO_BOOTDELAY_CHECK should not be defined for
  82  * secure boot flow as defining this would enable a user to
  83  * reach uboot prompt by pressing some key before start of
  84  * autoboot
  85  */
  86 #undef CONFIG_ZERO_BOOTDELAY_CHECK
  87
  88 #endif
  89 #endif