imx6: aristainetos: enable HAB boot

enable IMX_HAB on aristianetos board

Signed-off-by: Heiko Schocher <hs@denx.de>

diff --git a/board/aristainetos/aristainetos2.cfg b/board/aristainetos/aristainetos2.cfg
index fbbc2e5..965ad64 100644 (file)
--- a/board/aristainetos/aristainetos2.cfg
+++ b/board/aristainetos/aristainetos2.cfg
@@ -23,6 +23,9 @@ BOOT_FROM      spi
 
 #define __ASSEMBLY__
 #include <config.h>
+#ifdef CONFIG_IMX_HAB
+CSF CONFIG_CSF_SIZE
+#endif
 #include "asm/arch/mx6-ddr.h"
 #include "asm/arch/iomux.h"
 #include "asm/arch/crm_regs.h"

diff --git a/configs/aristainetos2_defconfig b/configs/aristainetos2_defconfig
index cad9839..0c5c9fc 100644 (file)
--- a/configs/aristainetos2_defconfig
+++ b/configs/aristainetos2_defconfig
@@ -8,6 +8,9 @@ CONFIG_ENV_SIZE=0x3000
 CONFIG_ENV_OFFSET=0xD0000
 CONFIG_NR_DRAM_BANKS=1
 CONFIG_ENV_SECT_SIZE=0x10000
+CONFIG_IMX_HAB=y
+# CONFIG_CMD_DEKBLOB is not set
+# CONFIG_CMD_NANDBCB is not set
 CONFIG_FIT=y
 CONFIG_SYS_EXTRA_OPTIONS="IMX_CONFIG=board/aristainetos/aristainetos2.cfg"
 CONFIG_BOOTDELAY=3
@@ -42,6 +45,7 @@ CONFIG_CMD_MII=y
 CONFIG_CMD_PING=y
 CONFIG_CMD_BMP=y
 CONFIG_CMD_CACHE=y
+# CONFIG_CMD_HASH is not set
 CONFIG_CMD_EXT2=y
 CONFIG_CMD_EXT4=y
 CONFIG_CMD_EXT4_WRITE=y

diff --git a/include/configs/aristainetos2.h b/include/configs/aristainetos2.h
index fba26d0..48cea2b 100644 (file)
--- a/include/configs/aristainetos2.h
+++ b/include/configs/aristainetos2.h
@@ -36,6 +36,56 @@
 
 #define CONFIG_SYS_SPI_ST_ENABLE_WP_PIN
 
+#ifdef CONFIG_IMX_HAB
+#define HAB_EXTRA_SETTINGS \
+       "hab_check_addr=" \
+               "if hab_auth_img ${check_addr} ${filesize} ; then " \
+                       "true;" \
+               "else " \
+                       "echo \"HAB checks ${hab_check_filetype} " \
+                       "failed!\"; " \
+                       "false; " \
+               "fi;\0" \
+       "hab_check_file_fit=" \
+               "if env exists enable_hab_check && test " \
+                       "${enable_hab_check} -eq 1 ; then " \
+                       "setenv hab_check_filetype \"FIT file on SD card " \
+                       "or eMMC\";" \
+                       "env set check_addr ${fit_addr_r};" \
+                       "run hab_check_addr;" \
+               "else " \
+                       "true; "\
+               "fi;\0" \
+       "hab_check_file_bootscript=" \
+               "if env exists enable_hab_check && test " \
+                       "${enable_hab_check} -eq 1 ; then " \
+                       "setenv hab_check_filetype \"Bootscript file\";" \
+                       "env set check_addr ${loadaddr};" \
+                       "run hab_check_addr;" \
+               "else " \
+                       "true; "\
+               "fi;\0" \
+       "hab_check_flash_fit=" \
+               "if env exists enable_hab_check && test " \
+                       "${enable_hab_check} -eq 1 ; then " \
+                       "setenv hab_check_filetype \"FIT files on flash\";" \
+                       "env set check_addr ${fit_addr_r};" \
+                       "run hab_check_addr;" \
+               "else " \
+                       "true; "\
+               "fi;\0" \
+       "enable_hab_check=1\0"
+#else
+#define HAB_EXTRA_SETTINGS \
+       "hab_check_file_fit=echo HAB check FIT file always returns " \
+               "true;true\0" \
+       "hab_check_flash_fit=echo HAB check flash FIT always returns " \
+               "true;true\0" \
+       "hab_check_file_bootscript=echo HAB check bootscript always " \
+               "returns true;true\0" \
+       "enable_hab_check=0\0"
+#endif
+
 #define CONFIG_EXTRA_ENV_BOARD_SETTINGS \
        "dead=led led_red on\0" \
        "mtdids=nand0=gpmi-nand,nor0=spi3.1\0" \
@@ -281,6 +331,7 @@
        "else "\
                "run main_rescue_boot;" \
        "fi; \0"\
+       HAB_EXTRA_SETTINGS \
        CONFIG_EXTRA_ENV_BOARD_SETTINGS
 
 #define CONFIG_ARP_TIMEOUT             200UL