2 * Copyright 2010-2011 Freescale Semiconductor, Inc.
4 * SPDX-License-Identifier: GPL-2.0+
7 #ifndef __FSL_SECURE_BOOT_H
8 #define __FSL_SECURE_BOOT_H
9 #include <asm/config_mpc85xx.h>
11 #ifdef CONFIG_SECURE_BOOT
13 #ifndef CONFIG_FIT_SIGNATURE
14 #define CONFIG_CHAIN_OF_TRUST
17 #if defined(CONFIG_FSL_CORENET)
18 #define CONFIG_SYS_PBI_FLASH_BASE 0xc0000000
19 #elif defined(CONFIG_BSC9132QDS)
20 #define CONFIG_SYS_PBI_FLASH_BASE 0xc8000000
21 #elif defined(CONFIG_C29XPCIE)
22 #define CONFIG_SYS_PBI_FLASH_BASE 0xcc000000
24 #define CONFIG_SYS_PBI_FLASH_BASE 0xce000000
26 #define CONFIG_SYS_PBI_FLASH_WINDOW 0xcff80000
28 #if defined(CONFIG_B4860QDS) || \
29 defined(CONFIG_T4240QDS) || \
30 defined(CONFIG_T2080QDS) || \
31 defined(CONFIG_T2080RDB) || \
32 defined(CONFIG_T1040QDS) || \
33 defined(CONFIG_T104xD4QDS) || \
34 defined(CONFIG_T104xRDB) || \
35 defined(CONFIG_T104xD4RDB) || \
36 defined(CONFIG_PPC_T1023) || \
37 defined(CONFIG_PPC_T1024)
38 #define CONFIG_SYS_CPC_REINIT_F
39 #define CONFIG_KEY_REVOCATION
40 #undef CONFIG_SYS_INIT_L3_ADDR
41 #define CONFIG_SYS_INIT_L3_ADDR 0xbff00000
44 #if defined(CONFIG_RAMBOOT_PBL)
45 #undef CONFIG_SYS_INIT_L3_ADDR
46 #define CONFIG_SYS_INIT_L3_ADDR 0xbff00000
49 #if defined(CONFIG_C29XPCIE)
50 #define CONFIG_KEY_REVOCATION
53 #if defined(CONFIG_PPC_P3041) || \
54 defined(CONFIG_PPC_P4080) || \
55 defined(CONFIG_PPC_P5020) || \
56 defined(CONFIG_PPC_P5040) || \
57 defined(CONFIG_PPC_P2041)
58 #define CONFIG_FSL_TRUST_ARCH_v1
61 #if defined(CONFIG_FSL_CORENET) && !defined(CONFIG_SYS_RAMBOOT)
62 /* The key used for verification of next level images
63 * is picked up from an Extension Table which has
64 * been verified by the ISBC (Internal Secure boot Code)
65 * in boot ROM of the SoC.
66 * The feature is only applicable in case of NOR boot and is
67 * not applicable in case of RAMBOOT (NAND, SD, SPI).
69 #define CONFIG_FSL_ISBC_KEY_EXT
71 #endif /* #ifdef CONFIG_SECURE_BOOT */
73 #ifdef CONFIG_CHAIN_OF_TRUST
75 #ifdef CONFIG_SPL_BUILD
76 #define CONFIG_SPL_DM 1
77 #define CONFIG_SPL_CRYPTO_SUPPORT
78 #define CONFIG_SPL_HASH_SUPPORT
79 #define CONFIG_SPL_RSA
80 #define CONFIG_SPL_DRIVERS_MISC_SUPPORT
82 * PPAACT and SPAACT table for PAMU must be placed on DDR after DDR init
83 * due to space crunch on CPC and thus malloc will not work.
85 #define CONFIG_SPL_PPAACT_ADDR 0x2e000000
86 #define CONFIG_SPL_SPAACT_ADDR 0x2f000000
87 #define CONFIG_SPL_JR0_LIODN_S 454
88 #define CONFIG_SPL_JR0_LIODN_NS 458
90 * Define the key hash for U-Boot here if public/private key pair used to
91 * sign U-boot are different from the SRK hash put in the fuse
92 * Example of defining KEY_HASH is
93 * #define CONFIG_SPL_UBOOT_KEY_HASH \
94 * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
95 * else leave it defined as NULL
98 #define CONFIG_SPL_UBOOT_KEY_HASH NULL
99 #endif /* ifdef CONFIG_SPL_BUILD */
101 #define CONFIG_CMD_ESBC_VALIDATE
102 #define CONFIG_CMD_BLOB
103 #define CONFIG_FSL_SEC_MON
104 #define CONFIG_SHA_PROG_HW_ACCEL
105 #define CONFIG_RSA_FREESCALE_EXP
107 #ifndef CONFIG_FSL_CAAM
108 #define CONFIG_FSL_CAAM
111 #ifndef CONFIG_SPL_BUILD
113 * fsl_setenv_chain_of_trust() must be called from
116 #ifndef CONFIG_BOARD_LATE_INIT
117 #define CONFIG_BOARD_LATE_INIT
120 /* If Boot Script is not on NOR and is required to be copied on RAM */
121 #ifdef CONFIG_BOOTSCRIPT_COPY_RAM
122 #define CONFIG_BS_HDR_ADDR_RAM 0x00010000
123 #define CONFIG_BS_HDR_ADDR_FLASH 0x00800000
124 #define CONFIG_BS_HDR_SIZE 0x00002000
125 #define CONFIG_BS_ADDR_RAM 0x00012000
126 #define CONFIG_BS_ADDR_FLASH 0x00802000
127 #define CONFIG_BS_SIZE 0x00001000
129 #define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_RAM
132 /* The bootscript header address is different for B4860 because the NOR
133 * mapping is different on B4 due to reduced NOR size.
135 #if defined(CONFIG_B4860QDS)
136 #define CONFIG_BOOTSCRIPT_HDR_ADDR 0xecc00000
137 #elif defined(CONFIG_FSL_CORENET)
138 #define CONFIG_BOOTSCRIPT_HDR_ADDR 0xe8e00000
139 #elif defined(CONFIG_BSC9132QDS)
140 #define CONFIG_BOOTSCRIPT_HDR_ADDR 0x88020000
141 #elif defined(CONFIG_C29XPCIE)
142 #define CONFIG_BOOTSCRIPT_HDR_ADDR 0xec020000
144 #define CONFIG_BOOTSCRIPT_HDR_ADDR 0xee020000
147 #endif /* #ifdef CONFIG_BOOTSCRIPT_COPY_RAM */
149 #include <config_fsl_chain_trust.h>
150 #endif /* #ifndef CONFIG_SPL_BUILD */
151 #endif /* #ifdef CONFIG_CHAIN_OF_TRUST */