diff options
author | Aneesh Bansal <aneesh.bansal@nxp.com> | 2016-01-22 16:37:27 +0530 |
---|---|---|
committer | York Sun <york.sun@nxp.com> | 2016-01-27 08:12:56 -0800 |
commit | d0a6d7ce55ec40d23ad96b549d596afd8f70735c (patch) | |
tree | 64d3a04cc0e71aebaee1731c4eb08cced0c7e9ec /arch/powerpc | |
parent | d041288586b05164c84794a5956ddc5fb8939115 (diff) |
secure_boot: enable chain of trust for PowerPC platforms
Chain of Trust is enabled for PowerPC platforms for Secure Boot.
CONFIG_BOARD_LATE_INIT is defined.
In board_late_init(), fsl_setenv_chain_of_trust() is called which
will perform the following:
- If boot mode is non-secure, return (No Change)
- If boot mode is secure, set the following environmet variables:
bootdelay = 0 (To disable Boot Prompt)
bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script)
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Diffstat (limited to 'arch/powerpc')
-rw-r--r-- | arch/powerpc/cpu/mpc85xx/cpu_init.c | 14 | ||||
-rw-r--r-- | arch/powerpc/include/asm/fsl_secure_boot.h | 7 |
2 files changed, 21 insertions, 0 deletions
diff --git a/arch/powerpc/cpu/mpc85xx/cpu_init.c b/arch/powerpc/cpu/mpc85xx/cpu_init.c index 13a7d0f664..d51616ba22 100644 --- a/arch/powerpc/cpu/mpc85xx/cpu_init.c +++ b/arch/powerpc/cpu/mpc85xx/cpu_init.c @@ -27,6 +27,9 @@ #include <hwconfig.h> #include <linux/compiler.h> #include "mp.h" +#ifdef CONFIG_CHAIN_OF_TRUST +#include <fsl_validate.h> +#endif #ifdef CONFIG_FSL_CAAM #include <fsl_sec.h> #endif @@ -1009,3 +1012,14 @@ void cpu_secondary_init_r(void) qe_reset(); #endif } + +#ifdef CONFIG_BOARD_LATE_INIT +int board_late_init(void) +{ +#ifdef CONFIG_CHAIN_OF_TRUST + fsl_setenv_chain_of_trust(); +#endif + + return 0; +} +#endif diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h index 41058d11ad..c45cace552 100644 --- a/arch/powerpc/include/asm/fsl_secure_boot.h +++ b/arch/powerpc/include/asm/fsl_secure_boot.h @@ -87,6 +87,13 @@ #define CONFIG_FSL_CAAM #endif +/* fsl_setenv_chain_of_trust() must be called from + * board_late_init() + */ +#ifndef CONFIG_BOARD_LATE_INIT +#define CONFIG_BOARD_LATE_INIT +#endif + /* If Boot Script is not on NOR and is required to be copied on RAM */ #ifdef CONFIG_BOOTSCRIPT_COPY_RAM #define CONFIG_BS_HDR_ADDR_RAM 0x00010000 |