LS1012AFRWY: Add Secure Boot support

Added the following:
1. defconfig for LS1012AFRWY Secure boot
2. PfE Validation support

Signed-off-by: Vinitha V Pillai <vinitha.pillai@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>

1 files changed, 29 insertions, 0 deletions

diff --git a/drivers/net/pfe_eth/pfe_firmware.c b/drivers/net/pfe_eth/pfe_firmware.c
index f06ed37292..adb2d06010 100644
--- a/drivers/net/pfe_eth/pfe_firmware.c
+++ b/drivers/net/pfe_eth/pfe_firmware.c
@@ -12,6 +12,9 @@
 
 #include <net/pfe_eth/pfe_eth.h>
 #include <net/pfe_eth/pfe_firmware.h>
+#ifdef CONFIG_CHAIN_OF_TRUST
+#include <fsl_validate.h>
+#endif
 
 #define PFE_FIRMEWARE_FIT_CNF_NAME	"config@1"
 
@@ -168,10 +171,15 @@ static int pfe_fit_check(void)
  */
 int pfe_firmware_init(void)
 {
+#define PFE_KEY_HASH	NULL
 	char *pfe_firmware_name;
 	const void *raw_image_addr;
 	size_t raw_image_size = 0;
 	u8 *pfe_firmware;
+#ifdef CONFIG_CHAIN_OF_TRUST
+	uintptr_t pfe_esbc_hdr = 0;
+	uintptr_t pfe_img_addr = 0;
+#endif
 	int ret = 0;
 	int fw_count;
 
@@ -179,6 +187,27 @@ int pfe_firmware_init(void)
 	if (ret)
 		goto err;
 
+#ifdef CONFIG_CHAIN_OF_TRUST
+	pfe_esbc_hdr = CONFIG_SYS_LS_PFE_ESBC_ADDR;
+	pfe_img_addr = (uintptr_t)pfe_fit_addr;
+	if (fsl_check_boot_mode_secure() != 0) {
+		/*
+		 * In case of failure in validation, fsl_secboot_validate
+		 * would not return back in case of Production environment
+		 * with ITS=1. In Development environment (ITS=0 and
+		 * SB_EN=1), the function may return back in case of
+		 * non-fatal failures.
+		 */
+		ret = fsl_secboot_validate(pfe_esbc_hdr,
+					   PFE_KEY_HASH,
+					   &pfe_img_addr);
+		if (ret != 0)
+			printf("PFE firmware(s) validation failed\n");
+		else
+			printf("PFE firmware(s) validation Successful\n");
+	}
+#endif
+
 	for (fw_count = 0; fw_count < 2; fw_count++) {
 		if (fw_count == 0)
 			pfe_firmware_name = "class";