From 2d91b533312888e596563a299588e81906383464 Mon Sep 17 00:00:00 2001 From: Vinitha V Pillai Date: Wed, 23 May 2018 11:03:31 +0530 Subject: LS1012AFRWY: Add Secure Boot support Added the following: 1. defconfig for LS1012AFRWY Secure boot 2. PfE Validation support Signed-off-by: Vinitha V Pillai Reviewed-by: York Sun --- drivers/net/pfe_eth/pfe_firmware.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) (limited to 'drivers/net') diff --git a/drivers/net/pfe_eth/pfe_firmware.c b/drivers/net/pfe_eth/pfe_firmware.c index f06ed37292..adb2d06010 100644 --- a/drivers/net/pfe_eth/pfe_firmware.c +++ b/drivers/net/pfe_eth/pfe_firmware.c @@ -12,6 +12,9 @@ #include #include +#ifdef CONFIG_CHAIN_OF_TRUST +#include +#endif #define PFE_FIRMEWARE_FIT_CNF_NAME "config@1" @@ -168,10 +171,15 @@ static int pfe_fit_check(void) */ int pfe_firmware_init(void) { +#define PFE_KEY_HASH NULL char *pfe_firmware_name; const void *raw_image_addr; size_t raw_image_size = 0; u8 *pfe_firmware; +#ifdef CONFIG_CHAIN_OF_TRUST + uintptr_t pfe_esbc_hdr = 0; + uintptr_t pfe_img_addr = 0; +#endif int ret = 0; int fw_count; @@ -179,6 +187,27 @@ int pfe_firmware_init(void) if (ret) goto err; +#ifdef CONFIG_CHAIN_OF_TRUST + pfe_esbc_hdr = CONFIG_SYS_LS_PFE_ESBC_ADDR; + pfe_img_addr = (uintptr_t)pfe_fit_addr; + if (fsl_check_boot_mode_secure() != 0) { + /* + * In case of failure in validation, fsl_secboot_validate + * would not return back in case of Production environment + * with ITS=1. In Development environment (ITS=0 and + * SB_EN=1), the function may return back in case of + * non-fatal failures. + */ + ret = fsl_secboot_validate(pfe_esbc_hdr, + PFE_KEY_HASH, + &pfe_img_addr); + if (ret != 0) + printf("PFE firmware(s) validation failed\n"); + else + printf("PFE firmware(s) validation Successful\n"); + } +#endif + for (fw_count = 0; fw_count < 2; fw_count++) { if (fw_count == 0) pfe_firmware_name = "class"; -- cgit