mirror of
				https://source.denx.de/u-boot/u-boot.git
				synced 2025-10-24 22:11:26 +02:00 
			
		
		
		
	1. Default environment will be used for secure boot flow which can't be edited or saved. 2. Command for secure boot is predefined in the default environment which will run on autoboot (and autoboot is the only option allowed in case of secure boot) and it looks like this: #define CONFIG_SECBOOT \ "setenv bs_hdraddr 0xe8e00000;" \ "esbc_validate $bs_hdraddr;" \ "source $img_addr;" \ "esbc_halt;" #endif 3. Boot Script can contain esbc_validate commands and bootm command. Uboot source command used in default secure boot command will run the bootscript. 4. Command esbc_halt added to ensure either bootm executes after validation of images or core should just spin. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
		
			
				
	
	
		
			51 lines
		
	
	
		
			1.2 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			51 lines
		
	
	
		
			1.2 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| /*
 | |
|  * Copyright 2015 Freescale Semiconductor, Inc.
 | |
|  *
 | |
|  * SPDX-License-Identifier:	GPL-2.0+
 | |
|  */
 | |
| 
 | |
| #include <common.h>
 | |
| #include <command.h>
 | |
| #include <fsl_validate.h>
 | |
| 
 | |
| static int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
 | |
| 				char * const argv[])
 | |
| {
 | |
| 	printf("Core is entering spin loop.\n");
 | |
| loop:
 | |
| 	goto loop;
 | |
| 
 | |
| 	return 0;
 | |
| }
 | |
| 
 | |
| static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag, int argc,
 | |
| 				char * const argv[])
 | |
| {
 | |
| 	if (argc < 2)
 | |
| 		return cmd_usage(cmdtp);
 | |
| 
 | |
| 	return fsl_secboot_validate(cmdtp, flag, argc, argv);
 | |
| }
 | |
| 
 | |
| /***************************************************/
 | |
| static char esbc_validate_help_text[] =
 | |
| 	"esbc_validate hdr_addr <hash_val> - Validates signature using\n"
 | |
| 	"                          RSA verification\n"
 | |
| 	"                          $hdr_addr Address of header of the image\n"
 | |
| 	"                          to be validated.\n"
 | |
| 	"                          $hash_val -Optional\n"
 | |
| 	"                          It provides Hash of public/srk key to be\n"
 | |
| 	"                          used to verify signature.\n";
 | |
| 
 | |
| U_BOOT_CMD(
 | |
| 	esbc_validate,	3,	0,	do_esbc_validate,
 | |
| 	"Validates signature on a given image using RSA verification",
 | |
| 	esbc_validate_help_text
 | |
| );
 | |
| 
 | |
| U_BOOT_CMD(
 | |
| 	esbc_halt,	1,	0,	do_esbc_halt,
 | |
| 	"Put the core in spin loop ",
 | |
| 	""
 | |
| );
 |