fsl_secure_boot.h 4.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154
  1. /*
  2. * Copyright 2010-2011 Freescale Semiconductor, Inc.
  3. *
  4. * SPDX-License-Identifier: GPL-2.0+
  5. */
  6. #ifndef __FSL_SECURE_BOOT_H
  7. #define __FSL_SECURE_BOOT_H
  8. #include <asm/config_mpc85xx.h>
  9. #ifdef CONFIG_SECURE_BOOT
  10. #ifndef CONFIG_FIT_SIGNATURE
  11. #define CONFIG_CHAIN_OF_TRUST
  12. #endif
  13. #if defined(CONFIG_FSL_CORENET)
  14. #define CONFIG_SYS_PBI_FLASH_BASE 0xc0000000
  15. #elif defined(CONFIG_TARGET_BSC9132QDS)
  16. #define CONFIG_SYS_PBI_FLASH_BASE 0xc8000000
  17. #elif defined(CONFIG_TARGET_C29XPCIE)
  18. #define CONFIG_SYS_PBI_FLASH_BASE 0xcc000000
  19. #else
  20. #define CONFIG_SYS_PBI_FLASH_BASE 0xce000000
  21. #endif
  22. #define CONFIG_SYS_PBI_FLASH_WINDOW 0xcff80000
  23. #if defined(CONFIG_B4860QDS) || \
  24. defined(CONFIG_T4240QDS) || \
  25. defined(CONFIG_T2080QDS) || \
  26. defined(CONFIG_T2080RDB) || \
  27. defined(CONFIG_T1040QDS) || \
  28. defined(CONFIG_T104xD4QDS) || \
  29. defined(CONFIG_T104xRDB) || \
  30. defined(CONFIG_T104xD4RDB) || \
  31. defined(CONFIG_PPC_T1023) || \
  32. defined(CONFIG_PPC_T1024)
  33. #ifndef CONFIG_SYS_RAMBOOT
  34. #define CONFIG_SYS_CPC_REINIT_F
  35. #endif
  36. #define CONFIG_KEY_REVOCATION
  37. #undef CONFIG_SYS_INIT_L3_ADDR
  38. #define CONFIG_SYS_INIT_L3_ADDR 0xbff00000
  39. #endif
  40. #if defined(CONFIG_RAMBOOT_PBL)
  41. #undef CONFIG_SYS_INIT_L3_ADDR
  42. #ifdef CONFIG_SYS_INIT_L3_VADDR
  43. #define CONFIG_SYS_INIT_L3_ADDR \
  44. (CONFIG_SYS_INIT_L3_VADDR & ~0xFFF00000) | \
  45. 0xbff00000
  46. #else
  47. #define CONFIG_SYS_INIT_L3_ADDR 0xbff00000
  48. #endif
  49. #endif
  50. #if defined(CONFIG_TARGET_C29XPCIE)
  51. #define CONFIG_KEY_REVOCATION
  52. #endif
  53. #if defined(CONFIG_ARCH_P3041) || \
  54. defined(CONFIG_ARCH_P4080) || \
  55. defined(CONFIG_ARCH_P5020) || \
  56. defined(CONFIG_PPC_P5040) || \
  57. defined(CONFIG_ARCH_P2041)
  58. #define CONFIG_FSL_TRUST_ARCH_v1
  59. #endif
  60. #if defined(CONFIG_FSL_CORENET) && !defined(CONFIG_SYS_RAMBOOT)
  61. /* The key used for verification of next level images
  62. * is picked up from an Extension Table which has
  63. * been verified by the ISBC (Internal Secure boot Code)
  64. * in boot ROM of the SoC.
  65. * The feature is only applicable in case of NOR boot and is
  66. * not applicable in case of RAMBOOT (NAND, SD, SPI).
  67. */
  68. #define CONFIG_FSL_ISBC_KEY_EXT
  69. #endif
  70. #endif /* #ifdef CONFIG_SECURE_BOOT */
  71. #ifdef CONFIG_CHAIN_OF_TRUST
  72. #ifdef CONFIG_SPL_BUILD
  73. /*
  74. * PPAACT and SPAACT table for PAMU must be placed on DDR after DDR init
  75. * due to space crunch on CPC and thus malloc will not work.
  76. */
  77. #define CONFIG_SPL_PPAACT_ADDR 0x2e000000
  78. #define CONFIG_SPL_SPAACT_ADDR 0x2f000000
  79. #define CONFIG_SPL_JR0_LIODN_S 454
  80. #define CONFIG_SPL_JR0_LIODN_NS 458
  81. /*
  82. * Define the key hash for U-Boot here if public/private key pair used to
  83. * sign U-boot are different from the SRK hash put in the fuse
  84. * Example of defining KEY_HASH is
  85. * #define CONFIG_SPL_UBOOT_KEY_HASH \
  86. * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
  87. * else leave it defined as NULL
  88. */
  89. #define CONFIG_SPL_UBOOT_KEY_HASH NULL
  90. #endif /* ifdef CONFIG_SPL_BUILD */
  91. #define CONFIG_CMD_ESBC_VALIDATE
  92. #define CONFIG_CMD_BLOB
  93. #define CONFIG_FSL_SEC_MON
  94. #define CONFIG_SHA_PROG_HW_ACCEL
  95. #define CONFIG_RSA_FREESCALE_EXP
  96. #ifndef CONFIG_FSL_CAAM
  97. #define CONFIG_FSL_CAAM
  98. #endif
  99. #ifndef CONFIG_SPL_BUILD
  100. /*
  101. * fsl_setenv_chain_of_trust() must be called from
  102. * board_late_init()
  103. */
  104. #ifndef CONFIG_BOARD_LATE_INIT
  105. #define CONFIG_BOARD_LATE_INIT
  106. #endif
  107. /* If Boot Script is not on NOR and is required to be copied on RAM */
  108. #ifdef CONFIG_BOOTSCRIPT_COPY_RAM
  109. #define CONFIG_BS_HDR_ADDR_RAM 0x00010000
  110. #define CONFIG_BS_HDR_ADDR_DEVICE 0x00800000
  111. #define CONFIG_BS_HDR_SIZE 0x00002000
  112. #define CONFIG_BS_ADDR_RAM 0x00012000
  113. #define CONFIG_BS_ADDR_DEVICE 0x00802000
  114. #define CONFIG_BS_SIZE 0x00001000
  115. #define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_RAM
  116. #else
  117. /* The bootscript header address is different for B4860 because the NOR
  118. * mapping is different on B4 due to reduced NOR size.
  119. */
  120. #if defined(CONFIG_B4860QDS)
  121. #define CONFIG_BOOTSCRIPT_HDR_ADDR 0xecc00000
  122. #elif defined(CONFIG_FSL_CORENET)
  123. #define CONFIG_BOOTSCRIPT_HDR_ADDR 0xe8e00000
  124. #elif defined(CONFIG_TARGET_BSC9132QDS)
  125. #define CONFIG_BOOTSCRIPT_HDR_ADDR 0x88020000
  126. #elif defined(CONFIG_TARGET_C29XPCIE)
  127. #define CONFIG_BOOTSCRIPT_HDR_ADDR 0xec020000
  128. #else
  129. #define CONFIG_BOOTSCRIPT_HDR_ADDR 0xee020000
  130. #endif
  131. #endif /* #ifdef CONFIG_BOOTSCRIPT_COPY_RAM */
  132. #include <config_fsl_chain_trust.h>
  133. #endif /* #ifndef CONFIG_SPL_BUILD */
  134. #endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
  135. #endif