SECURE BOOT: Add fall back option

[oweals/u-boot.git] / include / configs / ls1043a_common.h

diff --git a/include/configs/ls1043a_common.h b/include/configs/ls1043a_common.h
index a4cd09aa90d5d68bccb7f02959adfd0cdfb28d7d..67b5ea715e860f8508a69f8b3a42b8c50a9dbb12 100644 (file)
--- a/include/configs/ls1043a_common.h
+++ b/include/configs/ls1043a_common.h
@@ -252,7 +252,7 @@
        "fdt_high=0xffffffffffffffff\0"         \
        "initrd_high=0xffffffffffffffff\0"      \
        "fdt_addr=0x64f00000\0"                 \
-       "kernel_addr=0x65000000\0"              \
+       "kernel_addr=0x61000000\0"              \
        "scriptaddr=0x80000000\0"               \
        "scripthdraddr=0x80080000\0"            \
        "fdtheader_addr_r=0x80100000\0"         \
@@ -260,9 +260,13 @@
        "kernel_addr_r=0x81000000\0"            \
        "fdt_addr_r=0x90000000\0"               \
        "load_addr=0xa0000000\0"                \
+       "kernelheader_addr=0x60800000\0"        \
        "kernel_size=0x2800000\0"               \
+       "kernelheader_size=0x40000\0"           \
        "kernel_addr_sd=0x8000\0"               \
        "kernel_size_sd=0x14000\0"              \
+       "kernelhdr_addr_sd=0x4000\0"            \
+       "kernelhdr_size_sd=0x10\0"              \
        "console=ttyS0,115200\0"                \
        "boot_os=y\0"                           \
        "mtdparts=" CONFIG_MTDPARTS_DEFAULT "\0"        \
@@ -295,26 +299,35 @@
                "source ${scriptaddr}\0"                        \
        "qspi_bootcmd=echo Trying load from qspi..;"    \
                "sf probe && sf read $load_addr "       \
-               "$kernel_addr $kernel_size && bootm $load_addr#$board\0" \
+               "$kernel_addr $kernel_size; env exists secureboot "     \
+               "&& sf read $kernelheader_addr_r $kernelheader_addr "   \
+               "$kernelheader_size && esbc_validate ${kernelheader_addr_r}; " \
+               "bootm $load_addr#$board\0"     \
        "nor_bootcmd=echo Trying load from nor..;"      \
                "cp.b $kernel_addr $load_addr " \
-               "$kernel_size && bootm $load_addr#$board\0" \
+               "$kernel_size; env exists secureboot "  \
+               "&& cp.b $kernelheader_addr $kernelheader_addr_r "      \
+               "$kernelheader_size && esbc_validate ${kernelheader_addr_r}; " \
+               "bootm $load_addr#$board\0"         \
        "sd_bootcmd=echo Trying load from SD ..;"       \
                "mmcinfo; mmc read $load_addr "         \
                "$kernel_addr_sd $kernel_size_sd && "     \
+               "env exists secureboot && mmc read $kernelheader_addr_r "               \
+               "$kernelhdr_addr_sd $kernelhdr_size_sd "                \
+               " && esbc_validate ${kernelheader_addr_r};"     \
                "bootm $load_addr#$board\0"
 
 
 #undef CONFIG_BOOTCOMMAND
 #if defined(CONFIG_QSPI_BOOT) || defined(CONFIG_SD_BOOT_QSPI)
-#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" \
-                          "&& esbc_halt; run qspi_bootcmd;"
+#define CONFIG_BOOTCOMMAND "run distro_bootcmd; run qspi_bootcmd; "    \
+                          "env exists secureboot && esbc_halt;"
 #elif defined(CONFIG_SD_BOOT)
-#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot"  \
-                          "&& esbc_halt; run sd_bootcmd;"
+#define CONFIG_BOOTCOMMAND "run distro_bootcmd; run sd_bootcmd; "  \
+                          "env exists secureboot && esbc_halt;"
 #else
-#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" \
-                          "&& esbc_halt; run nor_bootcmd;"
+#define CONFIG_BOOTCOMMAND "run distro_bootcmd; run nor_bootcmd; "     \
+                          "env exists secureboot && esbc_halt;"
 #endif
 #endif