summaryrefslogtreecommitdiff
path: root/include/config_fsl_chain_trust.h
AgeCommit message (Collapse)Author
2017-08-14common: Move CONFIG_BOOTARGS to KconfigSam Protsenko
Also introduce CONFIG_USE_BOOTARGS option so we can control if CONFIG_BOOTARGS defined at all. Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org> [trini: Resync r8a779[56]_ulcb, various ls10xx targets] Signed-off-by: Tom Rini <trini@konsulko.com>
2017-07-25Convert CONFIG_ENV_IS_IN_SPI_FLASH to KconfigSimon Glass
This converts the following to Kconfig: CONFIG_ENV_IS_IN_SPI_FLASH Signed-off-by: Simon Glass <sjg@chromium.org>
2017-07-25Convert CONFIG_ENV_IS_IN_EEPROM to KconfigSimon Glass
This converts the following to Kconfig: CONFIG_ENV_IS_IN_EEPROM Signed-off-by: Simon Glass <sjg@chromium.org>
2017-07-25Convert CONFIG_ENV_IS_IN_FLASH to KconfigSimon Glass
This converts the following to Kconfig: CONFIG_ENV_IS_IN_FLASH Signed-off-by: Simon Glass <sjg@chromium.org>
2017-07-25Convert CONFIG_ENV_IS_IN_MMC/NAND/UBI and NOWHERE to KconfigSimon Glass
This converts the following to Kconfig: CONFIG_ENV_IS_IN_MMC CONFIG_ENV_IS_IN_NAND CONFIG_ENV_IS_IN_UBI CONFIG_ENV_IS_NOWHERE In fact this already exists for sunxi as a 'choice' config. However not all the choices are available in Kconfig yet so we cannot use that. It would lead to more than one option being set. In addition, one purpose of this series is to allow the environment to be stored in more than one place. So the existing choice is converted to a normal config allowing each option to be set independently. There are not many opportunities for Kconfig updates to reduce the size of this patch. This was tested with ./tools/moveconfig.py -i CONFIG_ENV_IS_IN_MMC And then manual updates. This is because for CHAIN_OF_TRUST boards they can only have ENV_IS_NOWHERE set, so we enforce that via Kconfig logic now. Signed-off-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
2017-04-17arm: ls1043ardb: Add NAND secure boot targetRuchika Gupta
Add NAND secure boot target for ls1043ardb. - Change the u-boot size defined by a macro for copying the main U-Boot by SPL to also include the u-boot Secure Boot header size as header is appended to u-boot image. So header will also be copied from SD to DDR. - MACRO for CONFIG_BOOTSCRIPT_COPY_RAM is enabled to copy Bootscript from NAND to DDR. Offsets for Bootscript on NAND and DDR have been also defined. Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-07-26SECURE_BOOT: Enable SD as a source for bootscriptSumit Garg
Add support for reading bootscript and bootscript header from SD. Also renamed macros *_FLASH to *_DEVICE to represent SD alongwith NAND and NOR flash. Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-29SECURE_BOOT: Use default bootargsSaksham Jain
For secure boot, currently we were using fixed bootargs for all SoCs. This is not needed and we can use the bootargs which are used in non-secure boot. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-29armv8: fsl-lsch3: Copy Bootscript and header from NOR to DDRSaksham Jain
To unify steps for secure boot for xip (eg. NOR) and non-xip memories (eg. NAND, SD), bootscipts and its header are copied to main memory. Validation and execution are performed from there. For other ARM Platforms (ls1043 and ls1020), to avoid disruption of existing users, this copy step is not used for NOR boot. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-01-27secure_boot: split the secure boot functionality in two partsAneesh Bansal
There are two phases in Secure Boot 1. ISBC: In BootROM, validate the BootLoader (U-Boot). 2. ESBC: In U-Boot, continuing the Chain of Trust by validating and booting LINUX. For ESBC phase, there is no difference in SoC's based on ARM or PowerPC cores. But the exit conditions after ISBC phase i.e. entry conditions for U-Boot are different for ARM and PowerPC. PowerPC: If Secure Boot is executed, a separate U-Boot target is required which must be compiled with a diffrent Text Base as compared to Non-Secure Boot. There are some LAW and TLB settings which are required specifically for Secure Boot scenario. ARM: ARM based SoC's have a fixed memory map and exit conditions from BootROM are same irrespective of boot mode (Secure or Non-Secure). Thus the current Secure Boot functionlity has been split into two parts: CONFIG_CHAIN_OF_TRUST This will have the following functionality as part of U-Boot: 1. Enable commands like esbc_validate, esbc_halt 2. Change the environment settings based on bootmode, determined at run time: - If bootmode is non-secure, no change - If bootmode is secure, set the following: - bootdelay = 0 (Don't give boot prompt) - bootcmd = Validate and execute the bootscript. CONFIG_SECURE_BOOT This is defined only for creating a different compile time target for secure boot. Traditionally, both these functionalities were defined under CONFIG_SECURE_BOOT. This patch is aimed at removing the requirement for a separate Secure Boot target for ARM based SoC's. CONFIG_CHAIN_OF_TRUST will be defined and boot mode will be determine at run time. Another Security Requirement for running CHAIN_OF_TRUST is that U-Boot environemnt must not be picked from flash/external memory. This cannot be done based on bootmode at run time in current U-Boot architecture. Once this dependency is resolved, no separate SECURE_BOOT target will be required for ARM based SoC's. Currently, the only code under CONFIG_SECURE_BOOT for ARM SoC's is defining CONFIG_ENV_IS_NOWHERE Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>