+// SPDX-License-Identifier: GPL-2.0+
/*
* Copyright 2015-2016 Freescale Semiconductor, Inc.
* Copyright 2017 NXP
- *
- * SPDX-License-Identifier: GPL-2.0+
*/
/*
* files.
*/
+#include <image.h>
+#include <log.h>
+#include <malloc.h>
+#include <linux/bitops.h>
#include <net/pfe_eth/pfe_eth.h>
#include <net/pfe_eth/pfe_firmware.h>
+#include <spi_flash.h>
+#ifdef CONFIG_CHAIN_OF_TRUST
+#include <fsl_validate.h>
+#endif
-#define PFE_FIRMEWARE_FIT_CNF_NAME "config@1"
+#define PFE_FIRMWARE_FIT_CNF_NAME "config@1"
-static const void *pfe_fit_addr = (void *)CONFIG_SYS_LS_PFE_FW_ADDR;
+static const void *pfe_fit_addr;
/*
* PFE elf firmware loader.
char *desc;
int ret = 0;
- conf_node_name = PFE_FIRMEWARE_FIT_CNF_NAME;
+ conf_node_name = PFE_FIRMWARE_FIT_CNF_NAME;
conf_node_off = fit_conf_get_node(pfe_fit_addr, conf_node_name);
if (conf_node_off < 0) {
return ret;
}
+int pfe_spi_flash_init(void)
+{
+ struct spi_flash *pfe_flash;
+ int ret = 0;
+ void *addr = malloc(CONFIG_SYS_QE_FMAN_FW_LENGTH);
+
+#ifdef CONFIG_DM_SPI_FLASH
+ struct udevice *new;
+
+ /* speed and mode will be read from DT */
+ ret = spi_flash_probe_bus_cs(CONFIG_ENV_SPI_BUS,
+ CONFIG_ENV_SPI_CS, 0, 0, &new);
+
+ pfe_flash = dev_get_uclass_priv(new);
+#else
+ pfe_flash = spi_flash_probe(CONFIG_ENV_SPI_BUS,
+ CONFIG_ENV_SPI_CS,
+ CONFIG_ENV_SPI_MAX_HZ,
+ CONFIG_ENV_SPI_MODE);
+#endif
+ if (!pfe_flash) {
+ printf("SF: probe for pfe failed\n");
+ return -ENODEV;
+ }
+
+ ret = spi_flash_read(pfe_flash,
+ CONFIG_SYS_LS_PFE_FW_ADDR,
+ CONFIG_SYS_QE_FMAN_FW_LENGTH,
+ addr);
+ if (ret)
+ printf("SF: read for pfe failed\n");
+
+ pfe_fit_addr = addr;
+ spi_flash_free(pfe_flash);
+
+ return ret;
+}
+
/*
* PFE firmware initialization.
* Loads different firmware files from FIT image.
*/
int pfe_firmware_init(void)
{
+#define PFE_KEY_HASH NULL
char *pfe_firmware_name;
const void *raw_image_addr;
size_t raw_image_size = 0;
u8 *pfe_firmware;
+#ifdef CONFIG_CHAIN_OF_TRUST
+ uintptr_t pfe_esbc_hdr = 0;
+ uintptr_t pfe_img_addr = 0;
+#endif
int ret = 0;
int fw_count;
+ ret = pfe_spi_flash_init();
+ if (ret)
+ goto err;
+
ret = pfe_fit_check();
if (ret)
goto err;
+#ifdef CONFIG_CHAIN_OF_TRUST
+ pfe_esbc_hdr = CONFIG_SYS_LS_PFE_ESBC_ADDR;
+ pfe_img_addr = (uintptr_t)pfe_fit_addr;
+ if (fsl_check_boot_mode_secure() != 0) {
+ /*
+ * In case of failure in validation, fsl_secboot_validate
+ * would not return back in case of Production environment
+ * with ITS=1. In Development environment (ITS=0 and
+ * SB_EN=1), the function may return back in case of
+ * non-fatal failures.
+ */
+ ret = fsl_secboot_validate(pfe_esbc_hdr,
+ PFE_KEY_HASH,
+ &pfe_img_addr);
+ if (ret != 0)
+ printf("PFE firmware(s) validation failed\n");
+ else
+ printf("PFE firmware(s) validation Successful\n");
+ }
+#endif
+
for (fw_count = 0; fw_count < 2; fw_count++) {
if (fw_count == 0)
pfe_firmware_name = "class";
projects / platform / kernel / u-boot.git / blobdiff