Add secure boot support for environment selection.
Signed-off-by: Pankit Garg pankit.garg@nxp.com Signed-off-by: Rajesh Bhagat rajesh.bhagat@nxp.com --- arch/arm/cpu/armv8/fsl-layerscape/cpu.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
diff --git a/arch/arm/cpu/armv8/fsl-layerscape/cpu.c b/arch/arm/cpu/armv8/fsl-layerscape/cpu.c index 1ab4d93638..063a8fea55 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/cpu.c +++ b/arch/arm/cpu/armv8/fsl-layerscape/cpu.c @@ -33,6 +33,9 @@
#ifdef CONFIG_TFABOOT #include <environment.h> +#ifdef CONFIG_CHAIN_OF_TRUST +#include <fsl_validate.h> +#endif #endif
DECLARE_GLOBAL_DATA_PTR; @@ -738,6 +741,14 @@ enum env_location env_get_location(enum env_operation op, int prio) if (prio) return ENVL_UNKNOWN;
+#ifdef CONFIG_CHAIN_OF_TRUST + /* Check Boot Mode + * If Boot Mode is Secure, return ENVL_NOWHERE + */ + if (fsl_check_boot_mode_secure() == 1) + goto done; +#endif + switch (src) { case BOOT_SOURCE_IFC_NOR: env_loc = ENVL_FLASH; @@ -765,6 +776,9 @@ enum env_location env_get_location(enum env_operation op, int prio) break; }
+#ifdef CONFIG_CHAIN_OF_TRUST +done: +#endif
return env_loc; }