static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag, int argc,
char * const argv[])
{
char *hash_str = NULL;
uintptr_t haddr;
int ret;
if (argc < 2)
return cmd_usage(cmdtp);
else if (argc > 2)
/* Second arg - Optional - Hash Str*/
hash_str = argv[2];
/* First argument - header address -32/64bit */
haddr = (uintptr_t)simple_strtoul(argv[1], NULL, 16);
/* With esbc_validate command, Image address must be
* part of header. So, the function is called
* by passing this argument as 0.
*/
ret = fsl_secboot_validate(haddr, hash_str, 0);
if (ret)
return 1;
printf("esbc_validate command successful\n");
return 0;
}
int ppa_init(void)
{
const void *ppa_fit_addr;
u32 *boot_loc_ptr_l, *boot_loc_ptr_h;
int ret;
#ifdef CONFIG_CHAIN_OF_TRUST
uintptr_t ppa_esbc_hdr = CONFIG_SYS_LS_PPA_ESBC_ADDR;
uintptr_t ppa_img_addr = 0;
#endif
#ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP
ppa_fit_addr = (void *)CONFIG_SYS_LS_PPA_FW_ADDR;
#else
#error "No CONFIG_SYS_LS_PPA_FW_IN_xxx defined"
#endif
#ifdef CONFIG_CHAIN_OF_TRUST
ppa_img_addr = (uintptr_t)ppa_fit_addr;
if (fsl_check_boot_mode_secure() != 0) {
ret = fsl_secboot_validate(ppa_esbc_hdr,
CONFIG_PPA_KEY_HASH,
&ppa_img_addr);
if (ret != 0)
printf("PPA validation failed\n");
else
printf("PPA validation Successful\n");
}
#endif
#ifdef CONFIG_FSL_LSCH3
struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR);
boot_loc_ptr_l = &gur->bootlocptrl;
boot_loc_ptr_h = &gur->bootlocptrh;
#elif defined(CONFIG_FSL_LSCH2)
struct ccsr_scfg __iomem *scfg = (void *)(CONFIG_SYS_FSL_SCFG_ADDR);
boot_loc_ptr_l = &scfg->scratchrw[1];
boot_loc_ptr_h = &scfg->scratchrw[0];
#endif
debug("fsl-ppa: boot_loc_ptr_l = 0x%p, boot_loc_ptr_h =0x%p\n",
boot_loc_ptr_l, boot_loc_ptr_h);
ret = sec_firmware_init(ppa_fit_addr, boot_loc_ptr_l, boot_loc_ptr_h);
return ret;
}
void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr)
{
int res;
/*
* Check Boot Mode
* If Boot Mode is Non-Secure, skip validation
*/
if (fsl_check_boot_mode_secure() == 0)
return;
printf("SPL: Validating U-Boot image\n");
#ifdef CONFIG_ADDR_MAP
init_addr_map();
#endif
#ifdef CONFIG_FSL_CORENET
if (pamu_init() < 0)
fsl_secboot_handle_error(ERROR_ESBC_PAMU_INIT);
#endif
#ifdef CONFIG_FSL_CAAM
if (sec_init() < 0)
fsl_secboot_handle_error(ERROR_ESBC_SEC_INIT);
#endif
/*
* dm_init_and_scan() is called as part of common SPL framework, so no
* need to call it again but in case of powerpc platforms which currently
* do not use common SPL framework, so need to call this function here.
*/
#if defined(CONFIG_SPL_DM) && (!defined(CONFIG_SPL_FRAMEWORK))
dm_init_and_scan(false);
#endif
res = fsl_secboot_validate(hdr_addr, CONFIG_SPL_UBOOT_KEY_HASH,
&img_addr);
if (res == 0)
printf("SPL: Validation of U-boot successful\n");
}
static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag, int argc,
char * const argv[])
{
char *hash_str = NULL;
uintptr_t haddr;
int ret;
uintptr_t img_addr = 0;
char buf[20];
if (argc < 2)
return cmd_usage(cmdtp);
else if (argc > 2)
/* Second arg - Optional - Hash Str*/
hash_str = argv[2];
/* First argument - header address -32/64bit */
haddr = (uintptr_t)simple_strtoul(argv[1], NULL, 16);
/* With esbc_validate command, Image address must be
* part of header. So, the function is called
* by passing this argument as 0.
*/
ret = fsl_secboot_validate(haddr, hash_str, &img_addr);
/* Need to set "img_addr" even if validation failure.
* Required when SB_EN in RCW set and non-fatal error
* to continue U-Boot
*/
sprintf(buf, "%lx", img_addr);
env_set("img_addr", buf);
if (ret)
return 1;
printf("esbc_validate command successful\n");
return 0;
}
