Add secure boot support for environment selection.
Signed-off-by: Pankit Garg pankit.garg@nxp.com Signed-off-by: Rajesh Bhagat rajesh.bhagat@nxp.com --- Change in v2: None
arch/arm/cpu/armv8/fsl-layerscape/cpu.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
diff --git a/arch/arm/cpu/armv8/fsl-layerscape/cpu.c b/arch/arm/cpu/armv8/fsl-layerscape/cpu.c index f72e23e0de..2b511ebe6d 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/cpu.c +++ b/arch/arm/cpu/armv8/fsl-layerscape/cpu.c @@ -33,6 +33,9 @@
#ifdef CONFIG_TFABOOT #include <environment.h> +#ifdef CONFIG_CHAIN_OF_TRUST +#include <fsl_validate.h> +#endif #endif
DECLARE_GLOBAL_DATA_PTR; @@ -739,6 +742,14 @@ enum env_location env_get_location(enum env_operation op, int prio) if (prio) return ENVL_UNKNOWN;
+#ifdef CONFIG_CHAIN_OF_TRUST + /* Check Boot Mode + * If Boot Mode is Secure, return ENVL_NOWHERE + */ + if (fsl_check_boot_mode_secure() == 1) + goto done; +#endif + switch (src) { case BOOT_SOURCE_IFC_NOR: env_loc = ENVL_FLASH; @@ -766,6 +777,9 @@ enum env_location env_get_location(enum env_operation op, int prio) break; }
+#ifdef CONFIG_CHAIN_OF_TRUST +done: +#endif
return env_loc; }