1 /* SPDX-License-Identifier: GPL-2.0+ */
2 /*
3  * Copyright 2015 Freescale Semiconductor, Inc.
4  */
5 
6 #ifndef __CONFIG_FSL_CHAIN_TRUST_H
7 #define __CONFIG_FSL_CHAIN_TRUST_H
8 
9 #include <linux/stringify.h>
10 
11 #ifdef CONFIG_CHAIN_OF_TRUST
12 
13 #ifndef CONFIG_EXTRA_ENV
14 #define CONFIG_EXTRA_ENV	""
15 #endif
16 
17 /*
18  * Control should not reach back to uboot after validation of images
19  * for secure boot flow and therefore bootscript should have
20  * the bootm command. If control reaches back to uboot anyhow
21  * after validating images, core should just spin.
22  */
23 
24 /*
25  * Define the key hash for boot script here if public/private key pair used to
26  * sign bootscript are different from the SRK hash put in the fuse
27  * Example of defining KEY_HASH is
28  * #define CONFIG_BOOTSCRIPT_KEY_HASH \
29  *	 "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
30  */
31 
32 #ifdef CONFIG_USE_BOOTARGS
33 #define CONFIG_SET_BOOTARGS	"setenv bootargs \'" CONFIG_BOOTARGS" \';"
34 #else
35 #define CONFIG_SET_BOOTARGS	"setenv bootargs \'root=/dev/ram "	\
36 				"rw console=ttyS0,115200 ramdisk_size=600000\';"
37 #endif
38 
39 
40 #ifdef CONFIG_BOOTSCRIPT_KEY_HASH
41 #define CONFIG_SECBOOT \
42 	"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
43 	CONFIG_SET_BOOTARGS	\
44 	CONFIG_EXTRA_ENV	\
45 	"esbc_validate $bs_hdraddr " \
46 	  __stringify(CONFIG_BOOTSCRIPT_KEY_HASH)";" \
47 	"source $img_addr;"	\
48 	"esbc_halt\0"
49 #else
50 #define CONFIG_SECBOOT \
51 	"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
52 	CONFIG_SET_BOOTARGS	\
53 	CONFIG_EXTRA_ENV	\
54 	"esbc_validate $bs_hdraddr;" \
55 	"source $img_addr;"	\
56 	"esbc_halt\0"
57 #endif
58 
59 #ifdef CONFIG_BOOTSCRIPT_COPY_RAM
60 #define CONFIG_BS_COPY_ENV \
61 	"setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \
62 	"setenv bs_hdr_device " __stringify(CONFIG_BS_HDR_ADDR_DEVICE)";" \
63 	"setenv bs_hdr_size " __stringify(CONFIG_BS_HDR_SIZE)";" \
64 	"setenv bs_ram " __stringify(CONFIG_BS_ADDR_RAM)";" \
65 	"setenv bs_device " __stringify(CONFIG_BS_ADDR_DEVICE)";" \
66 	"setenv bs_size " __stringify(CONFIG_BS_SIZE)";"
67 
68 /* For secure boot flow, default environment used will be used */
69 #if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_NAND_BOOT) || \
70 	defined(CONFIG_SD_BOOT)
71 #if defined(CONFIG_RAMBOOT_NAND) || defined(CONFIG_NAND_BOOT)
72 #define CONFIG_BS_COPY_CMD \
73 	"nand read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
74 	"nand read $bs_ram $bs_device $bs_size ;"
75 #elif defined(CONFIG_SD_BOOT)
76 #define CONFIG_BS_COPY_CMD \
77 	"mmc read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
78 	"mmc read $bs_ram $bs_device $bs_size ;"
79 #endif
80 #else
81 #define CONFIG_BS_COPY_CMD \
82 	"cp.b $bs_hdr_device $bs_hdr_ram  $bs_hdr_size ;" \
83 	"cp.b $bs_device $bs_ram  $bs_size ;"
84 #endif
85 #endif /* CONFIG_BOOTSCRIPT_COPY_RAM */
86 
87 #ifndef CONFIG_BS_COPY_ENV
88 #define CONFIG_BS_COPY_ENV
89 #endif
90 
91 #ifndef CONFIG_BS_COPY_CMD
92 #define CONFIG_BS_COPY_CMD
93 #endif
94 
95 #define CONFIG_CHAIN_BOOT_CMD	CONFIG_BS_COPY_ENV \
96 				CONFIG_BS_COPY_CMD \
97 				CONFIG_SECBOOT
98 
99 #endif
100 #endif
101