imx8qm: mek: add secure boot script

Add a secure boot script that uses AHAB to verify the image.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Peng Fan 2019-09-25 08:11:17 +00:00 committed by Stefano Babic
parent 7e2db74231
commit b06ff8f50d


@ -54,8 +54,15 @@
#define CONFIG_ENV_VARS_UBOOT_RUNTIME_CONFIG #define CONFIG_ENV_VARS_UBOOT_RUNTIME_CONFIG
#ifdef CONFIG_AHAB_BOOT
#define AHAB_ENV "sec_boot=yes\0"
#else
#define AHAB_ENV "sec_boot=no\0"
#endif
/* Initial environment variables */ /* Initial environment variables */
#define CONFIG_EXTRA_ENV_SETTINGS \ #define CONFIG_EXTRA_ENV_SETTINGS \
AHAB_ENV \
"script=boot.scr\0" \ "script=boot.scr\0" \
"image=Image\0" \ "image=Image\0" \
"panel=NULL\0" \ "panel=NULL\0" \
@ -76,16 +83,27 @@
"source\0" \ "source\0" \
"loadimage=fatload mmc ${mmcdev}:${mmcpart} ${loadaddr} ${image}\0" \ "loadimage=fatload mmc ${mmcdev}:${mmcpart} ${loadaddr} ${image}\0" \
"loadfdt=fatload mmc ${mmcdev}:${mmcpart} ${fdt_addr} ${fdt_file}\0" \ "loadfdt=fatload mmc ${mmcdev}:${mmcpart} ${fdt_addr} ${fdt_file}\0" \
"boot_os=booti ${loadaddr} - ${fdt_addr};\0" \
"loadcntr=fatload mmc ${mmcdev}:${mmcpart} ${cntr_addr} ${cntr_file}\0" \
"auth_os=auth_cntr ${cntr_addr}\0" \
"mmcboot=echo Booting from mmc ...; " \ "mmcboot=echo Booting from mmc ...; " \
"run mmcargs; " \ "run mmcargs; " \
"if test ${boot_fdt} = yes || test ${boot_fdt} = try; then " \ "if test ${sec_boot} = yes; then " \
"if run loadfdt; then " \ "if run auth_os; then " \
"booti ${loadaddr} - ${fdt_addr}; " \ "run boot_os; " \
"else " \ "else " \
"echo WARN: Cannot load the DT; " \ "echo ERR: failed to authenticate; " \
"fi; " \ "fi; " \
"else " \ "else " \
"echo wait for boot; " \ "if test ${boot_fdt} = yes || test ${boot_fdt} = try; then " \
"if run loadfdt; then " \
"run boot_os; " \
"else " \
"echo WARN: Cannot load the DT; " \
"fi; " \
"else " \
"echo wait for boot; " \
"fi;" \
"fi;\0" \ "fi;\0" \
"netargs=setenv bootargs console=${console} " \ "netargs=setenv bootargs console=${console} " \
"root=/dev/nfs " \ "root=/dev/nfs " \
@ -97,15 +115,24 @@
"else " \ "else " \
"setenv get_cmd tftp; " \ "setenv get_cmd tftp; " \
"fi; " \ "fi; " \
"${get_cmd} ${loadaddr} ${image}; " \ "if test ${sec_boot} = yes; then " \
"if test ${boot_fdt} = yes || test ${boot_fdt} = try; then " \ "${get_cmd} ${cntr_addr} ${cntr_file}; " \
"if ${get_cmd} ${fdt_addr} ${fdt_file}; then " \ "if run auth_os; then " \
"booti ${loadaddr} - ${fdt_addr}; " \ "run boot_os; " \
"else " \ "else " \
"echo WARN: Cannot load the DT; " \ "echo ERR: failed to authenticate; " \
"fi; " \ "fi; " \
"else " \ "else " \
"booti; " \ "${get_cmd} ${loadaddr} ${image}; " \
"if test ${boot_fdt} = yes || test ${boot_fdt} = try; then " \
"if ${get_cmd} ${fdt_addr} ${fdt_file}; then " \
"booti ${loadaddr} - ${fdt_addr}; " \
"else " \
"echo WARN: Cannot load the DT; " \
"fi; " \
"else " \
"booti; " \
"fi;" \
"fi;\0" "fi;\0"
#define CONFIG_BOOTCOMMAND \ #define CONFIG_BOOTCOMMAND \
@ -113,10 +140,17 @@
"if run loadbootscript; then " \ "if run loadbootscript; then " \
"run bootscript; " \ "run bootscript; " \
"else " \ "else " \
"if run loadimage; then " \ "if test ${sec_boot} = yes; then " \
"run mmcboot; " \ "if run loadcntr; then " \
"else run netboot; " \ "run mmcboot; " \
"fi; " \ "else run netboot; " \
"fi; " \
"else " \
"if run loadimage; then " \
"run mmcboot; " \
"else run netboot; " \
"fi; " \
"fi; " \
"fi; " \ "fi; " \
"else booti ${loadaddr} - ${fdt_addr}; fi" "else booti ${loadaddr} - ${fdt_addr}; fi"
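Review bot: In the CONFIG_BOOTCOMMAND hunk the new `test ${sec_boot} = yes` check sits only in the `else` branch of `if run loadbootscript`, so even with CONFIG_AHAB_BOOT a `boot.scr` that loads from the FAT partition is still run without passing through `auth_cntr`, and the trailing `else booti ${loadaddr} - ${fdt_addr}` fallback is likewise unauthenticated. The choice between the authenticated and plain paths in `mmcboot`, `netboot` and the boot command is also made at run time from the `sec_boot` environment variable, and any value other than `yes`, including an unset variable, selects the plain path. If the saved environment lives in writable storage that is loaded without verification (not visible in these hunks), the check is only advisory. Selecting the variants at build time would address both: define the secure `mmcboot`/`netboot`/boot-command strings under `#ifdef CONFIG_AHAB_BOOT` so that no plain `booti` or `run bootscript` is compiled into a secure build, and keep `sec_boot` as an informational value. As a minimum, the script branch could be guarded with `"if test ${sec_boot} != yes && run loadbootscript; then " \`.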