armv8: Secure Boot: Modify boot_a_script definition

esbc_validate command will not be executed if “load” command for its
header fails and will further execute the source command for bootscript,
without its validation and boot process continues.

To halt the  boot process in case secure boot header is not loaded
successfully, esbc_validate command is invoked separately after “load”
command. The secure boot validation of the bootscript header will fail
(if header is not loaded) and halts the boot process, which prevent source
command from execution.

Signed-off-by: Vinitha V Pillai <vinitha.pillai@nxp.com>
Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com>
Reviewed-by: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>

diff --git a/include/configs/ls1012afrwy.h b/include/configs/ls1012afrwy.h
index ebb1df41c728774e868931f526c3ca4fb93a2070..12e6437a0555ccae88220a47a747f1071216d110 100644 (file)
--- a/include/configs/ls1012afrwy.h
+++ b/include/configs/ls1012afrwy.h
@@ -98,7 +98,8 @@
                        "${scriptaddr} ${prefix}${script}; "    \
                "env exists secureboot && load ${devtype} "     \
                        "${devnum}:${distro_bootpart} "         \
-                       "${scripthdraddr} ${prefix}${boot_script_hdr} " \
+                       "${scripthdraddr} ${prefix}${boot_script_hdr}; " \
+                       "env exists secureboot "        \
                        "&& esbc_validate ${scripthdraddr};"    \
                "source ${scriptaddr}\0"          \
        "installer=load mmc 0:2 $load_addr "    \

diff --git a/include/configs/ls1012ardb.h b/include/configs/ls1012ardb.h
index f149a604cfcc3eb76793339d21ebf274fd38ba48..f6640fa4994a180e55a71e5f23c3bb8451e2cfc7 100644 (file)
--- a/include/configs/ls1012ardb.h
+++ b/include/configs/ls1012ardb.h
@@ -98,7 +98,8 @@
                        "${scriptaddr} ${prefix}${script}; "    \
                "env exists secureboot && load ${devtype} "     \
                        "${devnum}:${distro_bootpart} "         \
-                       "${scripthdraddr} ${prefix}${boot_script_hdr} " \
+                       "${scripthdraddr} ${prefix}${boot_script_hdr}; " \
+                       "env exists secureboot "        \
                        "&& esbc_validate ${scripthdraddr};"    \
                "source ${scriptaddr}\0"          \
        "installer=load mmc 0:2 $load_addr "    \

diff --git a/include/configs/ls1021atwr.h b/include/configs/ls1021atwr.h
index 7fe7bab8e41ad20d11650a31aeff86bd99d7ab3f..ec0aad59903a329ef8535f156eb431c2b4bdcc11 100644 (file)
--- a/include/configs/ls1021atwr.h
+++ b/include/configs/ls1021atwr.h
@@ -363,7 +363,8 @@
                        "${scriptaddr} ${prefix}${script}; "    \
                "env exists secureboot && load ${devtype} "     \
                        "${devnum}:${distro_bootpart} "         \
-                       "${scripthdraddr} ${prefix}${boot_script_hdr} " \
+                       "${scripthdraddr} ${prefix}${boot_script_hdr}; " \
+                       "env exists secureboot "        \
                        "&& esbc_validate ${scripthdraddr};"    \
                "source ${scriptaddr}\0"          \
        "installer=load mmc 0:2 $load_addr "    \

diff --git a/include/configs/ls1043a_common.h b/include/configs/ls1043a_common.h
index dc688f3af51c069f9c62576490c8ca3826cadd4d..1d6cf47d21a57dc5ac3e12894f60ccafb53d57e9 100644 (file)
--- a/include/configs/ls1043a_common.h
+++ b/include/configs/ls1043a_common.h
@@ -273,7 +273,8 @@
                        "${scriptaddr} ${prefix}${script}; "    \
                "env exists secureboot && load ${devtype} "     \
                        "${devnum}:${distro_bootpart} "         \
-                       "${scripthdraddr} ${prefix}${boot_script_hdr} " \
+                       "${scripthdraddr} ${prefix}${boot_script_hdr}; " \
+                       "env exists secureboot "        \
                        "&& esbc_validate ${scripthdraddr};"    \
                "source ${scriptaddr}\0"                        \
        "qspi_bootcmd=echo Trying load from qspi..;"    \

diff --git a/include/configs/ls1046a_common.h b/include/configs/ls1046a_common.h
index ea6209ad2ef17c3572c5baedff4c199c309a4f13..9a08f8e88d7e1f2e43d7b1709bbbf5bade6cb2d1 100644 (file)
--- a/include/configs/ls1046a_common.h
+++ b/include/configs/ls1046a_common.h
@@ -253,8 +253,9 @@
                        "${scriptaddr} ${prefix}${script}; "    \
                "env exists secureboot && load ${devtype} "     \
                        "${devnum}:${distro_bootpart} "         \
-                       "${scripthdraddr} ${prefix}${boot_script_hdr} " \
-                       "&& esbc_validate ${scripthdraddr};"    \
+                       "${scripthdraddr} ${prefix}${boot_script_hdr}; " \
+                       "env exists secureboot "        \
+                       "&& esbc_validate ${scripthdraddr};"    \
                "source ${scriptaddr}\0"          \
        "qspi_bootcmd=echo Trying load from qspi..;"      \
                "sf probe && sf read $load_addr "         \

diff --git a/include/configs/ls1088ardb.h b/include/configs/ls1088ardb.h
index 45af087dc6dee37d9ba4747babddacd6f9e469e7..322adb530a343a096e695dfdb8f449d82a565da6 100644 (file)
--- a/include/configs/ls1088ardb.h
+++ b/include/configs/ls1088ardb.h
@@ -398,7 +398,8 @@
                "${scriptaddr} ${prefix}${script}; "            \
        "env exists secureboot && load ${devtype} "             \
                "${devnum}:${distro_bootpart} "                 \
-               "${scripthdraddr} ${prefix}${boot_script_hdr} " \
+               "${scripthdraddr} ${prefix}${boot_script_hdr}; "\
+               "env exists secureboot "                        \
                "&& esbc_validate ${scripthdraddr};"            \
                "source ${scriptaddr}\0"                        \
        "installer=load mmc 0:2 $load_addr "                    \

diff --git a/include/configs/ls2080ardb.h b/include/configs/ls2080ardb.h
index e41ace668594892f502102da5705035dbc1928f2..2e8a8bbdb7491294429e72a30905b81ec2dbe4a9 100644 (file)
--- a/include/configs/ls2080ardb.h
+++ b/include/configs/ls2080ardb.h
@@ -495,7 +495,8 @@ unsigned long get_board_sys_clk(void);
                        "${scriptaddr} ${prefix}${script}; "    \
                "env exists secureboot && load ${devtype} "     \
                        "${devnum}:${distro_bootpart} "         \
-                       "${scripthdraddr} ${prefix}${boot_script_hdr} " \
+                       "${scripthdraddr} ${prefix}${boot_script_hdr}; " \
+                       "env exists secureboot "        \
                        "&& esbc_validate ${scripthdraddr};"    \
                "source ${scriptaddr}\0"                        \
        "qspi_bootcmd=echo Trying load from qspi..;"            \