[U-Boot] [PATCH 6/7] enable chain of trust for PowerPC platforms

Chain of Trust is enabled for PowerPC platforms for Secure Boot. CONFIG_BOARD_LATE_INIT is defined. In board_late_init(), fsl_setenv_chain_of_trust() is called which will perform the following: - If boot mode is non-secure, return (No Change) - If boot mode is secure, set the following environmet variables: bootdelay = 0 (To disable Boot Prompt) bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script)

Signed-off-by: Aneesh Bansal aneesh.bansal@freescale.com --- arch/powerpc/cpu/mpc85xx/cpu_init.c | 12 ++++++++++++ arch/powerpc/include/asm/fsl_secure_boot.h | 7 +++++++ 2 files changed, 19 insertions(+)

diff --git a/arch/powerpc/cpu/mpc85xx/cpu_init.c b/arch/powerpc/cpu/mpc85xx/cpu_init.c index 13a7d0f..a02f6f5 100644 --- a/arch/powerpc/cpu/mpc85xx/cpu_init.c +++ b/arch/powerpc/cpu/mpc85xx/cpu_init.c @@ -26,6 +26,7 @@ #include <fsl_usb.h> #include <hwconfig.h> #include <linux/compiler.h> +#include <fsl_validate.h> #include "mp.h" #ifdef CONFIG_FSL_CAAM #include <fsl_sec.h> @@ -1009,3 +1010,14 @@ void cpu_secondary_init_r(void) qe_reset(); #endif } + +#ifdef CONFIG_BOARD_LATE_INIT +int board_late_init(void) +{ +#ifdef CONFIG_CHAIN_OF_TRUST + fsl_setenv_chain_of_trust(); +#endif + + return 0; +} +#endif diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h index b29246a..a4ea15c 100644 --- a/arch/powerpc/include/asm/fsl_secure_boot.h +++ b/arch/powerpc/include/asm/fsl_secure_boot.h @@ -13,6 +13,13 @@ #define CONFIG_CHAIN_OF_TRUST #endif

+/* fsl_setenv_chain_of_trust() must be called from + * board_late_init() + */ +#ifndef CONFIG_BOARD_LATE_INIT +#define CONFIG_BOARD_LATE_INIT +#endif + #if defined(CONFIG_FSL_CORENET) #define CONFIG_SYS_PBI_FLASH_BASE 0xc0000000 #elif defined(CONFIG_BSC9132QDS)