author | Peng Fan <peng.fan@nxp.com> | 2019-09-25 08:11:17 +0000 |
---|---|---|
committer | Stefano Babic <sbabic@denx.de> | 2019-11-03 17:04:16 +0100 |
commit | b06ff8f50dd54f57174c454f23ae50fd5dc074e4 (patch) | |
tree | 99c1c60a33f4180c87240702a16dbef375f308ea | |
parent | 7e2db742319beacdb23445f214e02c4c55efa680 (diff) |
imx8qm: mek: add secure boot script
Add secure boot script, use ahab to verify image
Signed-off-by: Peng Fan <peng.fan@nxp.com>
-rw-r--r-- | include/configs/imx8qm_mek.h | 64 |
1 files changed, 49 insertions, 15 deletions
diff --git a/include/configs/imx8qm_mek.h b/include/configs/imx8qm_mek.h
index 2b8f85ded1..37ef595e4e 100644
--- a/include/configs/imx8qm_mek.h
+++ b/include/configs/imx8qm_mek.h
@@ -54,8 +54,15 @@
 #define CONFIG_ENV_VARS_UBOOT_RUNTIME_CONFIG
+#ifdef CONFIG_AHAB_BOOT
+#define AHAB_ENV "sec_boot=yes\0"
+#else
+#define AHAB_ENV "sec_boot=no\0"
+#endif
+
 /* Initial environment variables */
 #define CONFIG_EXTRA_ENV_SETTINGS \
+ AHAB_ENV \
 "script=boot.scr\0" \
 "image=Image\0" \
 "panel=NULL\0" \
@@ -76,16 +83,27 @@
 "source\0" \
 "loadimage=fatload mmc ${mmcdev}:${mmcpart} ${loadaddr} ${image}\0" \
 "loadfdt=fatload mmc ${mmcdev}:${mmcpart} ${fdt_addr} ${fdt_file}\0" \
+ "boot_os=booti ${loadaddr} - ${fdt_addr};\0" \
+ "loadcntr=fatload mmc ${mmcdev}:${mmcpart} ${cntr_addr} ${cntr_file}\0" \
+ "auth_os=auth_cntr ${cntr_addr}\0" \
 "mmcboot=echo Booting from mmc ...; " \
 "run mmcargs; " \
- "if test ${boot_fdt} = yes || test ${boot_fdt} = try; then " \
- "if run loadfdt; then " \
- "booti ${loadaddr} - ${fdt_addr}; " \
+ "if test ${sec_boot} = yes; then " \
+ "if run auth_os; then " \
+ "run boot_os; " \
 "else " \
- "echo WARN: Cannot load the DT; " \
+ "echo ERR: failed to authenticate; " \
 "fi; " \
 "else " \
- "echo wait for boot; " \
+ "if test ${boot_fdt} = yes || test ${boot_fdt} = try; then " \
+ "if run loadfdt; then " \
+ "run boot_os; " \
+ "else " \
+ "echo WARN: Cannot load the DT; " \
+ "fi; " \
+ "else " \
+ "echo wait for boot; " \
+ "fi;" \
 "fi;\0" \
 "netargs=setenv bootargs console=${console} " \
 "root=/dev/nfs " \
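Review bot: Whether the image is authenticated is decided by the run-time variable `sec_boot`, for which `AHAB_ENV` only supplies a default; the scripts in the later hunks (`mmcboot`, `netboot` and `CONFIG_BOOTCOMMAND`) each test `${sec_boot} = yes` before they reach `auth_os`. If the environment can be changed, from the console or from writable storage (where it is kept is not visible in this diff), any other value selects the original path that boots `${image}` with no verification. On a `CONFIG_AHAB_BOOT` build the choice is better made by the preprocessor, so the unauthenticated branch is never part of the default environment, as sketched below for `mmcboot`. A saved environment could still replace `bootcmd` as a whole, so the environment on such builds presumably also has to be compiled-in or read-only.

```c
#ifdef CONFIG_AHAB_BOOT
/* Signed build: mmcboot always authenticates, no sec_boot test. */
#define MMCBOOT_BODY \
	"if run auth_os; then " \
		"run boot_os; " \
	"else " \
		"echo ERR: failed to authenticate; " \
	"fi;\0"
#else
/* … unchanged: the boot_fdt / loadfdt branch, defined as MMCBOOT_BODY … */
#endif

	"mmcboot=echo Booting from mmc ...; " \
		"run mmcargs; " \
		MMCBOOT_BODY \
```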
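Review bot: `boot_os` boots from `${loadaddr}` and `${fdt_addr}`, while `auth_os` is given only `${cntr_addr}`, so in the `sec_boot` branch of `mmcboot` nothing visible in the script ties the addresses that are booted to the images that were authenticated. Presumably `auth_cntr` places the verified kernel and device tree at the load addresses recorded in the container; if so, that dependency deserves a comment next to `boot_os`, for example `/* boot_os: loadaddr and fdt_addr must match the load addresses in the signed container */`. The added lines also give no default for `cntr_addr` or `cntr_file`; unless they are set in a part of the file outside these hunks, `loadcntr` expands to a `fatload` with empty arguments. The enclosing `CONFIG_EXTRA_ENV_SETTINGS` definition starts and ends outside the hunk.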
@@ -97,15 +115,24 @@
 "else " \
 "setenv get_cmd tftp; " \
 "fi; " \
- "${get_cmd} ${loadaddr} ${image}; " \
- "if test ${boot_fdt} = yes || test ${boot_fdt} = try; then " \
- "if ${get_cmd} ${fdt_addr} ${fdt_file}; then " \
- "booti ${loadaddr} - ${fdt_addr}; " \
+ "if test ${sec_boot} = yes; then " \
+ "${get_cmd} ${cntr_addr} ${cntr_file}; " \
+ "if run auth_os; then " \
+ "run boot_os; " \
 "else " \
- "echo WARN: Cannot load the DT; " \
+ "echo ERR: failed to authenticate; " \
 "fi; " \
 "else " \
- "booti; " \
+ "${get_cmd} ${loadaddr} ${image}; " \
+ "if test ${boot_fdt} = yes || test ${boot_fdt} = try; then " \
+ "if ${get_cmd} ${fdt_addr} ${fdt_file}; then " \
+ "booti ${loadaddr} - ${fdt_addr}; " \
+ "else " \
+ "echo WARN: Cannot load the DT; " \
+ "fi; " \
+ "else " \
+ "booti; " \
+ "fi;" \
 "fi;\0"
 #define CONFIG_BOOTCOMMAND \
@@ -113,10 +140,17 @@
 "if run loadbootscript; then " \
 "run bootscript; " \
 "else " \
- "if run loadimage; then " \
- "run mmcboot; " \
- "else run netboot; " \
- "fi; " \
+ "if test ${sec_boot} = yes; then " \
+ "if run loadcntr; then " \
+ "run mmcboot; " \
+ "else run netboot; " \
+ "fi; " \
+ "else " \
+ "if run loadimage; then " \
+ "run mmcboot; " \
+ "else run netboot; " \
+ "fi; " \
+ "fi; " \
 "fi; " \
 "else booti ${loadaddr} - ${fdt_addr}; fi" |
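Review bot: In the `sec_boot` branch of `netboot` the result of `${get_cmd} ${cntr_addr} ${cntr_file}` is discarded, so after a failed transfer `auth_os` runs on whatever already sits at `${cntr_addr}`. Chaining the two means only a freshly fetched container is verified: `"if ${get_cmd} ${cntr_addr} ${cntr_file} && run auth_os; then " \`. As a smaller point of style, the non-secure branch here still spells out `booti ${loadaddr} - ${fdt_addr}` where `mmcboot` now uses `run boot_os`. `netboot` starts outside the hunk.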
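Review bot: The `sec_boot` test is added only inside the `else` branch, so `run loadbootscript` and `run bootscript` still come first and source `boot.scr` with no authentication even when `sec_boot=yes`; the final `else booti ${loadaddr} - ${fdt_addr}` fallback likewise boots without `auth_os`. Unauthenticated content from the boot partition therefore runs ahead of the AHAB check. On secure builds the script step and the fallback should be skipped, for example by opening with `"if test ${sec_boot} != yes && run loadbootscript; then " \` and giving the last branch the same test. The opening `if` of `CONFIG_BOOTCOMMAND` is outside the hunk, so the condition guarding that fallback is not visible here.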