From 9b457cc6d16dadc29f3e7ed560171a9a20b9c5d7 Mon Sep 17 00:00:00 2001 From: Vinitha Pillai-B57223 Date: Wed, 22 Nov 2017 10:38:35 +0530 Subject: SECURE BOOT: Add fall back option Add fall back option, to boot from NOR/QSPI/SD for LS1043, LS1046, LS1021 in case of distro boot failure. For LS1046, add kernel validation in case of secure boot in sd_bootcmd and qspi_bootcmd. For LS1043 and LS1021, add kernel validation in case of secure boot in sd_bootcmd, qspi_bootcmdand nor_bootcmd. Signed-off-by: Vinitha Pillai Reviewed-by: York Sun --- include/configs/ls1021atwr.h | 33 ++++++++++++++++++++++++--------- 1 file changed, 24 insertions(+), 9 deletions(-) (limited to 'include/configs/ls1021atwr.h') diff --git a/include/configs/ls1021atwr.h b/include/configs/ls1021atwr.h index 5be61ad7b6..3db7ef12b0 100644 --- a/include/configs/ls1021atwr.h +++ b/include/configs/ls1021atwr.h @@ -420,16 +420,22 @@ "initrd_high=0xffffffff\0" \ "fdt_high=0xffffffff\0" \ "fdt_addr=0x64f00000\0" \ - "kernel_addr=0x65000000\0" \ + "kernel_addr=0x61000000\0" \ + "kernelheader_addr=0x60800000\0" \ "scriptaddr=0x80000000\0" \ "scripthdraddr=0x80080000\0" \ "fdtheader_addr_r=0x80100000\0" \ "kernelheader_addr_r=0x80200000\0" \ "kernel_addr_r=0x81000000\0" \ + "kernelheader_size=0x40000\0" \ "fdt_addr_r=0x90000000\0" \ "ramdisk_addr_r=0xa0000000\0" \ "load_addr=0xa0000000\0" \ "kernel_size=0x2800000\0" \ + "kernel_addr_sd=0x8000\0" \ + "kernel_size_sd=0x14000\0" \ + "kernelhdr_addr_sd=0x4000\0" \ + "kernelhdr_size_sd=0x10\0" \ BOOTENV \ "boot_scripts=ls1021atwr_boot.scr\0" \ "boot_script_hdr=hdr_ls1021atwr_bs.out\0" \ @@ -460,26 +466,35 @@ "source ${scriptaddr}\0" \ "qspi_bootcmd=echo Trying load from qspi..;" \ "sf probe && sf read $load_addr " \ - "$kernel_addr $kernel_size && bootm $load_addr#$board\0" \ + "$kernel_addr $kernel_size; env exists secureboot " \ + "&& sf read $kernelheader_addr_r $kernelheader_addr " \ + "$kernelheader_size && esbc_validate ${kernelheader_addr_r}; " \ + "bootm $load_addr#$board\0" \ "nor_bootcmd=echo Trying load from nor..;" \ "cp.b $kernel_addr $load_addr " \ - "$kernel_size && bootm $load_addr#$board\0" \ + "$kernel_size; env exists secureboot " \ + "&& cp.b $kernelheader_addr $kernelheader_addr_r " \ + "$kernelheader_size && esbc_validate ${kernelheader_addr_r}; " \ + "bootm $load_addr#$board\0" \ "sd_bootcmd=echo Trying load from SD ..;" \ "mmcinfo && mmc read $load_addr " \ "$kernel_addr_sd $kernel_size_sd && " \ + "env exists secureboot && mmc read $kernelheader_addr_r " \ + "$kernelhdr_addr_sd $kernelhdr_size_sd " \ + " && esbc_validate ${kernelheader_addr_r};" \ "bootm $load_addr#$board\0" #endif #undef CONFIG_BOOTCOMMAND #if defined(CONFIG_QSPI_BOOT) || defined(CONFIG_SD_BOOT_QSPI) -#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" \ - "&& esbc_halt; run qspi_bootcmd;" +#define CONFIG_BOOTCOMMAND "run distro_bootcmd; run qspi_bootcmd" \ + "env exists secureboot && esbc_halt" #elif defined(CONFIG_SD_BOOT) -#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" \ - "&& esbc_halt; run sd_bootcmd;" +#define CONFIG_BOOTCOMMAND "run distro_bootcmd; run sd_bootcmd; " \ + "env exists secureboot && esbc_halt;" #else -#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" \ - "&& esbc_halt; run nor_bootcmd;" +#define CONFIG_BOOTCOMMAND "run distro_bootcmd; run nor_bootcmd;" \ + "env exists secureboot && esbc_halt;" #endif /* -- cgit