From patchwork Fri Sep 8 05:53:55 2017
X-Patchwork-Submitter: Sumit Garg
X-Patchwork-Id: 811322
X-Patchwork-Delegate: yorksun@freescale.com
From: Sumit Garg
Date: Fri, 8 Sep 2017 11:23:55 +0530
Message-ID: <1504850035-24931-1-git-send-email-sumit.garg@nxp.com>
Cc: ruchika.gupta@nxp.com
Subject: [U-Boot] [PATCH] arm64: ls1012ardb: Add distro secure boot support

Enable validation of boot.scr script prior to its execution dependent on "secureboot" flag in environment. Enable fall back option to qspi boot in case of secure boot.

Signed-off-by: Sumit Garg
Tested-by: Vinitha Pillai
---
 configs/ls1012ardb_qspi_SECURE_BOOT_defconfig | 1 +
 include/configs/ls1012ardb.h | 20 ++++++++++++++++++--
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/configs/ls1012ardb_qspi_SECURE_BOOT_defconfig b/configs/ls1012ardb_qspi_SECURE_BOOT_defconfig index ec6ed37..09fc624 100644 --- a/configs/ls1012ardb_qspi_SECURE_BOOT_defconfig +++ b/configs/ls1012ardb_qspi_SECURE_BOOT_defconfig 
@@ -45,3 +45,4 @@ CONFIG_USB_XHCI_DWC3=y CONFIG_USB_STORAGE=y CONFIG_RSA=y CONFIG_RSA_SOFTWARE_EXP=y +CONFIG_DISTRO_DEFAULTS=y diff --git a/include/configs/ls1012ardb.h b/include/configs/ls1012ardb.h index dbfc540..5fe3218 100644 --- a/include/configs/ls1012ardb.h +++ b/include/configs/ls1012ardb.h @@ -80,16 +80,20 @@ "initrd_high=0xffffffffffffffff\0" \ "fdt_addr=0x00f00000\0" \ "kernel_addr=0x01000000\0" \ + "kernelheader_addr=0x800000\0" \ "scriptaddr=0x80000000\0" \ + "scripthdraddr=0x80080000\0" \ "fdtheader_addr_r=0x80100000\0" \ "kernelheader_addr_r=0x80200000\0" \ "kernel_addr_r=0x81000000\0" \ "fdt_addr_r=0x90000000\0" \ "load_addr=0xa0000000\0" \ "kernel_size=0x2800000\0" \ + "kernelheader_size=0x40000\0" \ "console=ttyS0,115200\0" \ BOOTENV \ "boot_scripts=ls1012ardb_boot.scr\0" \ + "boot_script_hdr=hdr_ls1012ardb_bs.out\0" \ "scan_dev_for_boot_part=" \ "part list ${devtype} ${devnum} devplist; " \ "env exists devplist || setenv devplist 1; " \ 
@@ -107,16 +111,28 @@ "run scan_dev_for_scripts; " \ "done;" \ "\0" \ + "boot_a_script=" \ + "load ${devtype} ${devnum}:${distro_bootpart} " \ + "${scriptaddr} ${prefix}${script}; " \ + "env exists secureboot && load ${devtype} " \ + "${devnum}:${distro_bootpart} " \ + "${scripthdraddr} ${prefix}${boot_script_hdr} " \ + "&& esbc_validate ${scripthdraddr};" \ + "source ${scriptaddr}\0" \ "installer=load mmc 0:2 $load_addr " \ "/flex_installer_arm64.itb; " \ "bootm $load_addr#$board\0" \ "qspi_bootcmd=echo Trying load from qspi..;" \ "sf probe && sf read $load_addr " \ - "$kernel_addr $kernel_size && bootm $load_addr#$board\0" \ + "$kernel_addr $kernel_size; env exists secureboot " \ + "&& sf read $kernelheader_addr_r $kernelheader_addr " \ + "$kernelheader_size && esbc_validate ${kernelheader_addr_r}; " \ + "bootm $load_addr#$board\0" #undef CONFIG_BOOTCOMMAND #if defined(CONFIG_QSPI_BOOT) || defined(CONFIG_SD_BOOT_QSPI) -#define CONFIG_BOOTCOMMAND "run distro_bootcmd;run qspi_bootcmd" +#define CONFIG_BOOTCOMMAND "run distro_bootcmd; run qspi_bootcmd; " \ + "env exists secureboot && esbc_halt;" #endif #include
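
Review bot: In configs/ls1012ardb_qspi_SECURE_BOOT_defconfig (hunk @@ -45,3 +45,4 @@), CONFIG_DISTRO_DEFAULTS=y is appended after CONFIG_RSA_SOFTWARE_EXP=y at the very end of the file, which is unlikely to be where `make savedefconfig` would place it. Please regenerate the defconfig with savedefconfig so the ordering stays canonical and a later resync does not produce unrelated churn. The commit message should also say that this option is what the distro boot flow (BOOTENV, boot_a_script) in ls1012ardb.h relies on, since the diff alone does not explain why it is being enabled.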
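
Review bot: In include/configs/ls1012ardb.h (hunk @@ -80,16 +80,20 @@), the new load addresses carry implicit size limits that are not documented: scripthdraddr=0x80080000 sits only 0x80000 (512 KiB) above scriptaddr=0x80000000, and fdtheader_addr_r=0x80100000 is another 0x80000 above that. Because boot_a_script loads the script first and the header second, a script larger than 512 KiB would be partly overwritten by the header before it is validated or sourced. Please add a comment giving the maximum script and header sizes this layout assumes. It is also worth a comment that kernelheader_addr=0x800000 and kernelheader_size=0x40000 are a QSPI flash offset and length (they are the source arguments of `sf read` in qspi_bootcmd), unlike the neighbouring *_addr_r values, which are RAM addresses.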
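
Review bot: In include/configs/ls1012ardb.h (hunk @@ -107,16 +111,28 @@), the new boot_a_script fails open. The validation chain `env exists secureboot && load ... ${scripthdraddr} ${prefix}${boot_script_hdr} && esbc_validate ${scripthdraddr};` is terminated by `;`, so `source ${scriptaddr}` runs whatever the chain returned. In particular, with secureboot set, a header file that is missing or fails to load short-circuits the `&&` chain before esbc_validate is ever called, and the unvalidated script is still sourced. The result of the script load itself is not checked either. qspi_bootcmd has the same shape: `bootm $load_addr#$board` now follows `;`, so it runs when the header `sf read` fails, and it is no longer gated on `sf probe && sf read` of the kernel succeeding, as it was before this change. If esbc_validate is guaranteed never to return on failure, please state that in the commit message, but note that it would cover only the validation step and not the load steps in front of it. Suggest an explicit if/then/else so that, when secureboot exists, `source` and `bootm` are reached only after both the header load and esbc_validate succeed, with esbc_halt on the failure branch, instead of relying on the trailing `env exists secureboot && esbc_halt;` in CONFIG_BOOTCOMMAND, which is reached only after both boot paths have already been attempted.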