Re: [U-Boot] [PATCH v3 6/7] enable chain of trust for PowerPC platforms

-----Original Message----- From: Aneesh Bansal [mailto:aneesh.bansal@nxp.com] Sent: Friday, January 22, 2016 4:37 PM To: u-boot@lists.denx.de Cc: york sun york.sun@nxp.com; Ruchika Gupta ruchika.gupta@nxp.com; Prabhakar Kushwaha prabhakar.kushwaha@nxp.com; Aneesh Bansal aneesh.bansal@nxp.com Subject: [PATCH v3 6/7] enable chain of trust for PowerPC platforms

Chain of Trust is enabled for PowerPC platforms for Secure Boot. CONFIG_BOARD_LATE_INIT is defined. In board_late_init(), fsl_setenv_chain_of_trust() is called which will perform the following:

• If boot mode is non-secure, return (No Change)
• If boot mode is secure, set the following environmet variables: bootdelay = 0 (To disable Boot Prompt) bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script)

Signed-off-by: Aneesh Bansal aneesh.bansal@nxp.com

Changes in v3: Protect the inclusion of file fsl_validate.h with macro CONFIG_CHAIN_OF_TRUST

Changes in v2: None (Changed the Sign-Off with New E-Mail ID)

arch/powerpc/cpu/mpc85xx/cpu_init.c | 14 ++++++++++++++ arch/powerpc/include/asm/fsl_secure_boot.h | 7 +++++++ 2 files changed, 21 insertions(+)

diff --git a/arch/powerpc/cpu/mpc85xx/cpu_init.c b/arch/powerpc/cpu/mpc85xx/cpu_init.c index 50bb86a..a4dc140 100644 --- a/arch/powerpc/cpu/mpc85xx/cpu_init.c +++ b/arch/powerpc/cpu/mpc85xx/cpu_init.c @@ -27,6 +27,9 @@ #include <hwconfig.h> #include <linux/compiler.h> #include "mp.h" +#ifdef CONFIG_CHAIN_OF_TRUST +#include <fsl_validate.h> +#endif #ifdef CONFIG_FSL_CAAM #include <fsl_sec.h> #endif @@ -1011,3 +1014,14 @@ void cpu_secondary_init_r(void) qe_reset(); #endif }

+#ifdef CONFIG_BOARD_LATE_INIT +int board_late_init(void) +{ +#ifdef CONFIG_CHAIN_OF_TRUST

• fsl_setenv_chain_of_trust();

+#endif

• return 0;

+} +#endif diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h index 41058d1..c45cace 100644 --- a/arch/powerpc/include/asm/fsl_secure_boot.h +++ b/arch/powerpc/include/asm/fsl_secure_boot.h @@ -87,6 +87,13 @@ #define CONFIG_FSL_CAAM #endif

+/* fsl_setenv_chain_of_trust() must be called from

• • board_late_init()
• */

+#ifndef CONFIG_BOARD_LATE_INIT +#define CONFIG_BOARD_LATE_INIT +#endif

/* If Boot Script is not on NOR and is required to be copied on RAM */ #ifdef CONFIG_BOOTSCRIPT_COPY_RAM

#define CONFIG_BS_HDR_ADDR_RAM 0x00010000

1.8.1.4

Acked-by: Ruchika Gupta ruchika.gupta@nxp.com