diff options
| author | Vinitha V Pillai <vinitha.pillai@nxp.com> | 2019-04-23 08:52:17 +0300 |
|---|---|---|
| committer | Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com> | 2019-05-22 09:54:24 +0300 |
| commit | 78c58082a926b4e4c5dda4332bec1016e778f670 (patch) | |
| tree | 63267ea2bb8972d58c0f85a626ee4394b0f44fa6 | |
| parent | 4dde343d7e9938e781feb3fbe360d6a7befa48f6 (diff) | |
| download | u-boot-78c58082a926b4e4c5dda4332bec1016e778f670.tar.xz | |
armv8: Secure Boot: Modify boot_a_script definition
esbc_validate command will not be executed if “load” command for its
header fails and will further execute the source command for bootscript,
without its validation and boot process continues.
To halt the boot process in case secure boot header is not loaded
successfully, esbc_validate command is invoked separately after “load”
command. The secure boot validation of the bootscript header will fail
(if header is not loaded) and halts the boot process, which prevent source
command from execution.
Signed-off-by: Vinitha V Pillai <vinitha.pillai@nxp.com>
Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com>
Reviewed-by: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>
| -rw-r--r-- | include/configs/ls1012afrwy.h | 3 | ||||
| -rw-r--r-- | include/configs/ls1012ardb.h | 3 | ||||
| -rw-r--r-- | include/configs/ls1021atwr.h | 3 | ||||
| -rw-r--r-- | include/configs/ls1043a_common.h | 3 | ||||
| -rw-r--r-- | include/configs/ls1046a_common.h | 5 | ||||
| -rw-r--r-- | include/configs/ls1088ardb.h | 3 | ||||
| -rw-r--r-- | include/configs/ls2080ardb.h | 3 |
7 files changed, 15 insertions, 8 deletions
diff --git a/include/configs/ls1012afrwy.h b/include/configs/ls1012afrwy.h index ebb1df41c7..12e6437a05 100644 --- a/include/configs/ls1012afrwy.h +++ b/include/configs/ls1012afrwy.h @@ -98,7 +98,8 @@ "${scriptaddr} ${prefix}${script}; " \ "env exists secureboot && load ${devtype} " \ "${devnum}:${distro_bootpart} " \ - "${scripthdraddr} ${prefix}${boot_script_hdr} " \ + "${scripthdraddr} ${prefix}${boot_script_hdr}; " \ + "env exists secureboot " \ "&& esbc_validate ${scripthdraddr};" \ "source ${scriptaddr}\0" \ "installer=load mmc 0:2 $load_addr " \ diff --git a/include/configs/ls1012ardb.h b/include/configs/ls1012ardb.h index f149a604cf..f6640fa499 100644 --- a/include/configs/ls1012ardb.h +++ b/include/configs/ls1012ardb.h @@ -98,7 +98,8 @@ "${scriptaddr} ${prefix}${script}; " \ "env exists secureboot && load ${devtype} " \ "${devnum}:${distro_bootpart} " \ - "${scripthdraddr} ${prefix}${boot_script_hdr} " \ + "${scripthdraddr} ${prefix}${boot_script_hdr}; " \ + "env exists secureboot " \ "&& esbc_validate ${scripthdraddr};" \ "source ${scriptaddr}\0" \ "installer=load mmc 0:2 $load_addr " \ diff --git a/include/configs/ls1021atwr.h b/include/configs/ls1021atwr.h index 7fe7bab8e4..ec0aad5990 100644 --- a/include/configs/ls1021atwr.h +++ b/include/configs/ls1021atwr.h @@ -363,7 +363,8 @@ "${scriptaddr} ${prefix}${script}; " \ "env exists secureboot && load ${devtype} " \ "${devnum}:${distro_bootpart} " \ - "${scripthdraddr} ${prefix}${boot_script_hdr} " \ + "${scripthdraddr} ${prefix}${boot_script_hdr}; " \ + "env exists secureboot " \ "&& esbc_validate ${scripthdraddr};" \ "source ${scriptaddr}\0" \ "installer=load mmc 0:2 $load_addr " \ diff --git a/include/configs/ls1043a_common.h b/include/configs/ls1043a_common.h index dc688f3af5..1d6cf47d21 100644 --- a/include/configs/ls1043a_common.h +++ b/include/configs/ls1043a_common.h @@ -273,7 +273,8 @@ "${scriptaddr} ${prefix}${script}; " \ "env exists secureboot && load ${devtype} " \ "${devnum}:${distro_bootpart} " \ - "${scripthdraddr} ${prefix}${boot_script_hdr} " \ + "${scripthdraddr} ${prefix}${boot_script_hdr}; " \ + "env exists secureboot " \ "&& esbc_validate ${scripthdraddr};" \ "source ${scriptaddr}\0" \ "qspi_bootcmd=echo Trying load from qspi..;" \ diff --git a/include/configs/ls1046a_common.h b/include/configs/ls1046a_common.h index ea6209ad2e..9a08f8e88d 100644 --- a/include/configs/ls1046a_common.h +++ b/include/configs/ls1046a_common.h @@ -253,8 +253,9 @@ "${scriptaddr} ${prefix}${script}; " \ "env exists secureboot && load ${devtype} " \ "${devnum}:${distro_bootpart} " \ - "${scripthdraddr} ${prefix}${boot_script_hdr} " \ - "&& esbc_validate ${scripthdraddr};" \ + "${scripthdraddr} ${prefix}${boot_script_hdr}; " \ + "env exists secureboot " \ + "&& esbc_validate ${scripthdraddr};" \ "source ${scriptaddr}\0" \ "qspi_bootcmd=echo Trying load from qspi..;" \ "sf probe && sf read $load_addr " \ diff --git a/include/configs/ls1088ardb.h b/include/configs/ls1088ardb.h index 45af087dc6..322adb530a 100644 --- a/include/configs/ls1088ardb.h +++ b/include/configs/ls1088ardb.h @@ -398,7 +398,8 @@ "${scriptaddr} ${prefix}${script}; " \ "env exists secureboot && load ${devtype} " \ "${devnum}:${distro_bootpart} " \ - "${scripthdraddr} ${prefix}${boot_script_hdr} " \ + "${scripthdraddr} ${prefix}${boot_script_hdr}; "\ + "env exists secureboot " \ "&& esbc_validate ${scripthdraddr};" \ "source ${scriptaddr}\0" \ "installer=load mmc 0:2 $load_addr " \ diff --git a/include/configs/ls2080ardb.h b/include/configs/ls2080ardb.h index e41ace6685..2e8a8bbdb7 100644 --- a/include/configs/ls2080ardb.h +++ b/include/configs/ls2080ardb.h @@ -495,7 +495,8 @@ unsigned long get_board_sys_clk(void); "${scriptaddr} ${prefix}${script}; " \ "env exists secureboot && load ${devtype} " \ "${devnum}:${distro_bootpart} " \ - "${scripthdraddr} ${prefix}${boot_script_hdr} " \ + "${scripthdraddr} ${prefix}${boot_script_hdr}; " \ + "env exists secureboot " \ "&& esbc_validate ${scripthdraddr};" \ "source ${scriptaddr}\0" \ "qspi_bootcmd=echo Trying load from qspi..;" \ |