[U-Boot] [PATCH 1/2] configs: secure_boot: Add config to enable SETEXPR command.
SETEXPR command is used while running secure boot (chain of trust with confidentiality) feature.
To use the setexpr command from uboot comsole CONFIG_CMD_SETEXPR config needs to be enabled in defconfig.
Signed-off-by: Udit Agarwal udit.agarwal@nxp.com --- configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1012aqds_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1012ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1028aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1028ardb_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1043aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1043ardb_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1046aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1046ardb_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1088ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls2088ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/lx2160aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/lx2160ardb_tfa_SECURE_BOOT_defconfig | 1 + 14 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig b/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig index 02f5dedfa2..bf68873466 100644 --- a/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig @@ -50,4 +50,5 @@ CONFIG_DM_USB=y CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_RSA=y +CONFIG_CMD_SETEXPR=y CONFIG_RSA_SOFTWARE_EXP=y diff --git a/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig b/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig index 9a6139e58c..80fb0c473c 100644 --- a/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig @@ -30,7 +30,7 @@ CONFIG_CMD_SF=y CONFIG_CMD_SPI=y CONFIG_DEFAULT_SPI_BUS=1 CONFIG_CMD_USB=y -# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_SETEXPR=y CONFIG_CMD_CACHE=y CONFIG_CMD_DATE=y CONFIG_OF_CONTROL=y diff --git a/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig index 5e524e74c1..f8b7585802 100644 --- a/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig @@ -27,7 +27,7 @@ CONFIG_CMD_MMC=y CONFIG_CMD_PCI=y CONFIG_CMD_SF=y CONFIG_CMD_USB=y -# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_SETEXPR=y CONFIG_CMD_CACHE=y CONFIG_OF_CONTROL=y CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1012a-rdb" diff --git a/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig b/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig index 7cd2f59d7b..b1d2c6bb3e 100644 --- a/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig @@ -59,4 +59,5 @@ CONFIG_USB_XHCI_DWC3=y CONFIG_WDT=y CONFIG_WDT_SP805=y CONFIG_RSA=y +CONFIG_CMD_SETEXPR=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y diff --git a/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig index 3432f90087..3cd6cb56bf 100644 --- a/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig @@ -59,4 +59,5 @@ CONFIG_USB_XHCI_DWC3=y CONFIG_WDT=y CONFIG_WDT_SP805=y CONFIG_RSA=y +CONFIG_CMD_SETEXPR=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y diff --git a/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig b/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig index 8964042fcc..919d8b0e0f 100644 --- a/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig @@ -58,4 +58,5 @@ CONFIG_USB_XHCI_DWC3=y CONFIG_RSA=y CONFIG_SPL_RSA=y CONFIG_RSA_SOFTWARE_EXP=y +CONFIG_CMD_SETEXPR=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y diff --git a/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig index a481cb104d..637febf9a5 100644 --- a/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig @@ -52,3 +52,4 @@ CONFIG_RSA=y CONFIG_SPL_RSA=y CONFIG_RSA_SOFTWARE_EXP=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_CMD_SETEXPR=y diff --git a/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig index e5522d8629..116c9a26c7 100644 --- a/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig @@ -53,3 +53,4 @@ CONFIG_DM_USB=y CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_RSA=y +CONFIG_CMD_SETEXPR=y diff --git a/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig b/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig index 715d07934c..69e39e7207 100644 --- a/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig @@ -59,3 +59,4 @@ CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_RSA=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_CMD_SETEXPR=y diff --git a/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig index 3244d5659a..8cd246a63e 100644 --- a/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig @@ -52,3 +52,4 @@ CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_RSA=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_CMD_SETEXPR=y diff --git a/configs/ls1088ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1088ardb_tfa_SECURE_BOOT_defconfig index d2c9c59b77..5ba353e60e 100644 --- a/configs/ls1088ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1088ardb_tfa_SECURE_BOOT_defconfig @@ -27,7 +27,7 @@ CONFIG_CMD_I2C=y CONFIG_CMD_MMC=y CONFIG_CMD_SF=y CONFIG_CMD_USB=y -# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_SETEXPR=y CONFIG_MP=y CONFIG_OF_CONTROL=y CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1088a-rdb" diff --git a/configs/ls2088ardb_tfa_SECURE_BOOT_defconfig b/configs/ls2088ardb_tfa_SECURE_BOOT_defconfig index ee3a83a075..360dadff09 100644 --- a/configs/ls2088ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls2088ardb_tfa_SECURE_BOOT_defconfig @@ -28,7 +28,7 @@ CONFIG_CMD_NAND=y CONFIG_CMD_PCI=y CONFIG_CMD_SF=y CONFIG_CMD_USB=y -# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_SETEXPR=y CONFIG_CMD_CACHE=y CONFIG_CMD_DATE=y CONFIG_MP=y diff --git a/configs/lx2160aqds_tfa_SECURE_BOOT_defconfig b/configs/lx2160aqds_tfa_SECURE_BOOT_defconfig index 6a6188384f..c0d5faa11c 100644 --- a/configs/lx2160aqds_tfa_SECURE_BOOT_defconfig +++ b/configs/lx2160aqds_tfa_SECURE_BOOT_defconfig @@ -61,3 +61,4 @@ CONFIG_RSA=y CONFIG_SPL_RSA=y CONFIG_RSA_SOFTWARE_EXP=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_CMD_SETEXPR=y diff --git a/configs/lx2160ardb_tfa_SECURE_BOOT_defconfig b/configs/lx2160ardb_tfa_SECURE_BOOT_defconfig index 643995d82b..7229262c96 100644 --- a/configs/lx2160ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/lx2160ardb_tfa_SECURE_BOOT_defconfig @@ -58,3 +58,4 @@ CONFIG_RSA=y CONFIG_SPL_RSA=y CONFIG_RSA_SOFTWARE_EXP=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_CMD_SETEXPR=y
Maximum size of secure boot header to be read from MMC is 12KB which spans across 0x20 blocks.
Hence increases the mmc read size for secure boot headers from MMC to 0x20 blocks.
Signed-off-by: Udit Agarwal udit.agarwal@nxp.com --- include/configs/ls1088ardb.h | 18 +++++++++--------- include/configs/ls2080ardb.h | 8 ++++---- include/configs/lx2160a_common.h | 8 ++++---- 3 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/include/configs/ls1088ardb.h b/include/configs/ls1088ardb.h index 322adb530a..7500c3d3c6 100644 --- a/include/configs/ls1088ardb.h +++ b/include/configs/ls1088ardb.h @@ -320,8 +320,8 @@ "mmcinfo;mmc read 0x80000000 0x5000 0x800;" \ "mmc read 0x80100000 0x7000 0x800;" \ "env exists secureboot && " \ - "mmc read 0x80700000 0x3800 0x10 && " \ - "mmc read 0x80740000 0x3A00 0x10 && " \ + "mmc read 0x80700000 0x3800 0x20 && " \ + "mmc read 0x80740000 0x3A00 0x20 && " \ "esbc_validate 0x80700000 && " \ "esbc_validate 0x80740000 ;" \ "fsl_mc start mc 0x80000000 0x80100000\0" @@ -342,8 +342,8 @@ "mcinitcmd=mmcinfo;mmc read 0x80000000 0x5000 0x800;" \ "mmc read 0x80100000 0x7000 0x800;" \ "env exists secureboot && " \ - "mmc read 0x80700000 0x3800 0x10 && " \ - "mmc read 0x80740000 0x3A00 0x10 && " \ + "mmc read 0x80700000 0x3800 0x20 && " \ + "mmc read 0x80740000 0x3A00 0x20 && " \ "esbc_validate 0x80700000 && " \ "esbc_validate 0x80740000 ;" \ "fsl_mc start mc 0x80000000 0x80100000\0" \ @@ -377,7 +377,7 @@ "load_addr=0xa0000000\0" \ "kernel_size=0x2800000\0" \ "kernel_size_sd=0x14000\0" \ - "kernelhdr_size_sd=0x10\0" \ + "kernelhdr_size_sd=0x20\0" \ QSPI_MC_INIT_CMD \ "mcmemsize=0x70000000\0" \ BOOTENV \ @@ -446,7 +446,7 @@ "load_addr=0xa0000000\0" \ "kernel_size=0x2800000\0" \ "kernel_size_sd=0x14000\0" \ - "kernelhdr_size_sd=0x10\0" \ + "kernelhdr_size_sd=0x20\0" \ MC_INIT_CMD \ BOOTENV \ "boot_scripts=ls1088ardb_boot.scr\0" \ @@ -493,7 +493,7 @@ #undef CONFIG_BOOTCOMMAND #ifdef CONFIG_TFABOOT #define QSPI_NOR_BOOTCOMMAND \ - "sf read 0x80001000 0xd00000 0x100000;" \ + "sf read 0x80001000 0xd00000 0x100000;" \ "env exists mcinitcmd && env exists secureboot " \ " && sf read 0x80780000 0x780000 0x100000 " \ "&& esbc_validate 0x80780000;env exists mcinitcmd " \ @@ -504,7 +504,7 @@ "env exists mcinitcmd && mmcinfo; " \ "mmc read 0x80001000 0x6800 0x800; " \ "env exists mcinitcmd && env exists secureboot " \ - " && mmc read 0x80780000 0x3C00 0x10 " \ + " && mmc read 0x80780000 0x3C00 0x20 " \ "&& esbc_validate 0x80780000;env exists mcinitcmd " \ "&& fsl_mc lazyapply dpl 0x80001000;" \ "run distro_bootcmd;run sd_bootcmd;" \ @@ -527,7 +527,7 @@ "env exists mcinitcmd && mmcinfo; " \ "mmc read 0x80001000 0x6800 0x800; " \ "env exists mcinitcmd && env exists secureboot " \ - " && mmc read 0x80780000 0x3C00 0x10 " \ + " && mmc read 0x80780000 0x3C00 0x20 " \ "&& esbc_validate 0x80780000;env exists mcinitcmd " \ "&& fsl_mc lazyapply dpl 0x80001000;" \ "run distro_bootcmd;run sd_bootcmd;" \ diff --git a/include/configs/ls2080ardb.h b/include/configs/ls2080ardb.h index 2e8a8bbdb7..cb80f12c32 100644 --- a/include/configs/ls2080ardb.h +++ b/include/configs/ls2080ardb.h @@ -345,8 +345,8 @@ unsigned long get_board_sys_clk(void); "mmcinfo;mmc read 0x80000000 0x5000 0x800;" \ "mmc read 0x80100000 0x7000 0x800;" \ "env exists secureboot && " \ - "mmc read 0x80700000 0x3800 0x10 && " \ - "mmc read 0x80740000 0x3A00 0x10 && " \ + "mmc read 0x80700000 0x3800 0x20 && " \ + "mmc read 0x80740000 0x3A00 0x20 && " \ "esbc_validate 0x80700000 && " \ "esbc_validate 0x80740000 ;" \ "fsl_mc start mc 0x80000000 0x80100000\0" @@ -367,8 +367,8 @@ unsigned long get_board_sys_clk(void); "mcinitcmd=mmcinfo;mmc read 0x80000000 0x5000 0x800;" \ "mmc read 0x80100000 0x7000 0x800;" \ "env exists secureboot && " \ - "mmc read 0x80700000 0x3800 0x10 && " \ - "mmc read 0x80740000 0x3A00 0x10 && " \ + "mmc read 0x80700000 0x3800 0x20 && " \ + "mmc read 0x80740000 0x3A00 0x20 && " \ "esbc_validate 0x80700000 && " \ "esbc_validate 0x80740000 ;" \ "fsl_mc start mc 0x80000000 0x80100000\0" \ diff --git a/include/configs/lx2160a_common.h b/include/configs/lx2160a_common.h index 02534b365e..e18c8dfd57 100644 --- a/include/configs/lx2160a_common.h +++ b/include/configs/lx2160a_common.h @@ -216,8 +216,8 @@ int select_i2c_ch_pca9547_sec(unsigned char ch); "mmc read 0x80a00000 0x5000 0x1200;" \ "mmc read 0x80e00000 0x7000 0x800;" \ "env exists secureboot && " \ - "mmc read 0x80700000 0x3800 0x10 && " \ - "mmc read 0x80740000 0x3A00 0x10 && " \ + "mmc read 0x80700000 0x3800 0x20 && " \ + "mmc read 0x80740000 0x3A00 0x20 && " \ "esbc_validate 0x80700000 && " \ "esbc_validate 0x80740000 ;" \ "fsl_mc start mc 0x80a00000 0x80e00000\0" @@ -243,7 +243,7 @@ int select_i2c_ch_pca9547_sec(unsigned char ch); "kernel_addr_sd=0x8000\0" \ "kernelhdr_addr_sd=0x3E00\0" \ "kernel_size_sd=0x1d000\0" \ - "kernelhdr_size_sd=0x10\0" \ + "kernelhdr_size_sd=0x20\0" \ "console=ttyAMA0,38400n8\0" \ BOOTENV \ "mcmemsize=0x70000000\0" \ @@ -281,7 +281,7 @@ int select_i2c_ch_pca9547_sec(unsigned char ch); "env exists mcinitcmd && mmcinfo; " \ "mmc read 0x80d00000 0x6800 0x800; " \ "env exists mcinitcmd && env exists secureboot " \ - " && mmc read 0x80780000 0x3C00 0x10 " \ + " && mmc read 0x80780000 0x3C00 0x20 " \ "&& esbc_validate 0x80780000;env exists mcinitcmd " \ "&& fsl_mc lazyapply dpl 0x80d00000;" \ "run distro_bootcmd;run sd_bootcmd;" \
participants (1)
-
Udit Agarwal