1 /* SPDX-License-Identifier: GPL-2.0+ */
2 /*
3  * Copyright 2015 Freescale Semiconductor, Inc.
4  * Copyright 2017 NXP
5  */
6 
7 #ifndef __FSL_SECURE_BOOT_H
8 #define __FSL_SECURE_BOOT_H
9 
10 #ifdef CONFIG_CHAIN_OF_TRUST
11 #define CONFIG_FSL_SEC_MON
12 
13 #ifdef CONFIG_SPL_BUILD
14 /*
15  * Define the key hash for U-Boot here if public/private key pair used to
16  * sign U-boot are different from the SRK hash put in the fuse
17  * Example of defining KEY_HASH is
18  * #define CONFIG_SPL_UBOOT_KEY_HASH \
19  *      "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
20  * else leave it defined as NULL
21  */
22 
23 #define CONFIG_SPL_UBOOT_KEY_HASH	NULL
24 #endif /* ifdef CONFIG_SPL_BUILD */
25 
26 #define CONFIG_KEY_REVOCATION
27 
28 #if defined(CONFIG_FSL_LAYERSCAPE)
29 /*
30  * For fsl layerscape based platforms, ESBC image Address in Header
31  * is 64 bit.
32  */
33 #define CONFIG_ESBC_ADDR_64BIT
34 #endif
35 
36 #ifndef CONFIG_SPL_BUILD
37 #ifndef CONFIG_SYS_RAMBOOT
38 /* The key used for verification of next level images
39  * is picked up from an Extension Table which has
40  * been verified by the ISBC (Internal Secure boot Code)
41  * in boot ROM of the SoC.
42  * The feature is only applicable in case of NOR boot and is
43  * not applicable in case of RAMBOOT (NAND, SD, SPI).
44  * For LS, this feature is available for all device if IE Table
45  * is copied to XIP memory
46  * Also, for LS, ISBC doesn't verify this table.
47  */
48 #define CONFIG_FSL_ISBC_KEY_EXT
49 
50 #endif
51 
52 #ifdef CONFIG_ARCH_LS2080A
53 #define CONFIG_EXTRA_ENV \
54 	"setenv fdt_high 0xa0000000;"	\
55 	"setenv initrd_high 0xcfffffff;"	\
56 	"setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';"
57 #else
58 #define CONFIG_EXTRA_ENV \
59 	"setenv fdt_high 0xffffffff;"	\
60 	"setenv initrd_high 0xffffffff;"	\
61 	"setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';"
62 #endif
63 
64 /* Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from
65  * Non-XIP Memory (Nand/SD)*/
66 #if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_FSL_LSCH3) || \
67 	defined(CONFIG_SD_BOOT) || defined(CONFIG_NAND_BOOT)
68 #define CONFIG_BOOTSCRIPT_COPY_RAM
69 #endif
70 /* The address needs to be modified according to NOR, NAND, SD and
71  * DDR memory map
72  */
73 #ifdef CONFIG_FSL_LSCH3
74 #ifdef CONFIG_QSPI_BOOT
75 #define CONFIG_BS_ADDR_DEVICE		0x20600000
76 #define CONFIG_BS_HDR_ADDR_DEVICE	0x20640000
77 #else /* NOR BOOT */
78 #define CONFIG_BS_ADDR_DEVICE		0x580600000
79 #define CONFIG_BS_HDR_ADDR_DEVICE	0x580640000
80 #endif /*ifdef CONFIG_QSPI_BOOT */
81 #define CONFIG_BS_SIZE			0x00001000
82 #define CONFIG_BS_HDR_SIZE		0x00004000
83 #define CONFIG_BS_ADDR_RAM		0xa0600000
84 #define CONFIG_BS_HDR_ADDR_RAM		0xa0640000
85 #else
86 #ifdef CONFIG_SD_BOOT
87 /* For SD boot address and size are assigned in terms of sector
88  * offset and no. of sectors respectively.
89  */
90 #define CONFIG_BS_ADDR_DEVICE		0x00003000
91 #define CONFIG_BS_HDR_ADDR_DEVICE	0x00003200
92 #define CONFIG_BS_SIZE			0x00000008
93 #define CONFIG_BS_HDR_SIZE		0x00000010
94 #elif defined(CONFIG_NAND_BOOT)
95 #define CONFIG_BS_ADDR_DEVICE		0x00600000
96 #define CONFIG_BS_HDR_ADDR_DEVICE	0x00640000
97 #define CONFIG_BS_SIZE			0x00001000
98 #define CONFIG_BS_HDR_SIZE		0x00002000
99 #elif defined(CONFIG_QSPI_BOOT)
100 #define CONFIG_BS_ADDR_DEVICE		0x40600000
101 #define CONFIG_BS_HDR_ADDR_DEVICE	0x40640000
102 #define CONFIG_BS_SIZE			0x00001000
103 #define CONFIG_BS_HDR_SIZE		0x00002000
104 #else /* Default NOR Boot */
105 #define CONFIG_BS_ADDR_DEVICE		0x60600000
106 #define CONFIG_BS_HDR_ADDR_DEVICE	0x60640000
107 #define CONFIG_BS_SIZE			0x00001000
108 #define CONFIG_BS_HDR_SIZE		0x00002000
109 #endif
110 #define CONFIG_BS_ADDR_RAM		0x81000000
111 #define CONFIG_BS_HDR_ADDR_RAM		0x81020000
112 #endif
113 
114 #ifdef CONFIG_BOOTSCRIPT_COPY_RAM
115 #define CONFIG_BOOTSCRIPT_ADDR		CONFIG_BS_ADDR_RAM
116 #define CONFIG_BOOTSCRIPT_HDR_ADDR	CONFIG_BS_HDR_ADDR_RAM
117 #else
118 #define CONFIG_BOOTSCRIPT_HDR_ADDR	CONFIG_BS_HDR_ADDR_DEVICE
119 /* BOOTSCRIPT_ADDR is not required */
120 #endif
121 
122 #ifdef CONFIG_FSL_LS_PPA
123 /* Define the key hash here if SRK used for signing PPA image is
124  * different from SRK hash put in SFP used for U-Boot.
125  * Example
126  * #define PPA_KEY_HASH \
127  *	"41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
128  */
129 #define PPA_KEY_HASH		NULL
130 #endif /* ifdef CONFIG_FSL_LS_PPA */
131 
132 #include <config_fsl_chain_trust.h>
133 #endif /* #ifndef CONFIG_SPL_BUILD */
134 #endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
135 #endif
136