powerpc: Clean up CHAIN_OF_TRUST related options

As things stand currently, there is only one PowerPC platform that
enables the options for CHAIN_OF_TRUST.  From the board header files,
remove a number of never-set options.  Remove board specific values from
arch/powerpc/include/asm/fsl_secure_boot.h as well.  Rework
include/config_fsl_chain_trust.h to not abuse the CONFIG namespace for
constructing CHAIN_BOOT_CMD.  Migrate all of the configurable addresses
to Kconfig.

If any platforms are re-introduced with secure boot support, everything
required should still be here, but now in Kconfig, or requires migration
of an option to Kconfig.

Cc: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>

diff --git a/arch/Kconfig.nxp b/arch/Kconfig.nxp
index ccbf684..03b73d4 100644 (file)
--- a/arch/Kconfig.nxp
+++ b/arch/Kconfig.nxp
@@ -75,6 +75,46 @@ config SPL_UBOOT_KEY_HASH
          41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b.
          Otherwise leave this empty.
 
+if PPC
+
+config BOOTSCRIPT_COPY_RAM
+       bool "Secure boot copies boot script to RAM"
+       help
+         On systems that support chain of trust booting, a number of addresses
+         are required to set variables that are used in the copying and then
+         verification of different parts of the system.  If enabled, the subsequent
+         options are for what location to use in each step.
+
+config BS_ADDR_DEVICE
+       hex "Address in RAM for bs_device"
+       depends on BOOTSCRIPT_COPY_RAM
+
+config BS_SIZE
+       hex "The size of bs_size which is the amount read from bs_device"
+       depends on BOOTSCRIPT_COPY_RAM
+
+config BS_ADDR_RAM
+       hex "Address in RAM for bs_ram"
+       depends on BOOTSCRIPT_COPY_RAM
+
+config BS_HDR_ADDR_DEVICE
+       hex "Address in RAM for bs_hdr_device"
+       depends on BOOTSCRIPT_COPY_RAM
+
+config BS_HDR_SIZE
+       hex "The size of bs_hdr_size which is the amount read from bs_hdr_device"
+       depends on BOOTSCRIPT_COPY_RAM
+
+config BS_HDR_ADDR_RAM
+       hex "Address in RAM for bs_hdr_ram"
+       depends on BOOTSCRIPT_COPY_RAM
+
+config BOOTSCRIPT_HDR_ADDR
+       hex "CONFIG_BOOTSCRIPT_HDR_ADDR"
+       default BS_ADDR_RAM if BOOTSCRIPT_COPY_RAM
+
+endif
+
 config SYS_FSL_SRK_LE
        def_bool y
        depends on ARM

diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h
index c062fa5..a96a1ac 100644 (file)
--- a/arch/powerpc/include/asm/fsl_secure_boot.h
+++ b/arch/powerpc/include/asm/fsl_secure_boot.h
@@ -10,19 +10,12 @@
 #ifdef CONFIG_NXP_ESBC
 #if defined(CONFIG_FSL_CORENET)
 #define CONFIG_SYS_PBI_FLASH_BASE              0xc0000000
-#elif defined(CONFIG_TARGET_BSC9132QDS)
-#define CONFIG_SYS_PBI_FLASH_BASE              0xc8000000
-#elif defined(CONFIG_TARGET_C29XPCIE)
-#define CONFIG_SYS_PBI_FLASH_BASE              0xcc000000
 #else
 #define CONFIG_SYS_PBI_FLASH_BASE              0xce000000
 #endif
 #define CONFIG_SYS_PBI_FLASH_WINDOW            0xcff80000
 
-#if defined(CONFIG_TARGET_B4860QDS) || \
-       defined(CONFIG_TARGET_B4420QDS) || \
-       defined(CONFIG_TARGET_T4240QDS) || \
-       defined(CONFIG_TARGET_T2080QDS) || \
+#if defined(CONFIG_TARGET_T2080QDS) || \
        defined(CONFIG_TARGET_T2080RDB) || \
        defined(CONFIG_TARGET_T1042RDB) || \
        defined(CONFIG_TARGET_T1042D4RDB) || \
@@ -78,40 +71,6 @@
 #endif /* ifdef CONFIG_SPL_BUILD */
 
 #ifndef CONFIG_SPL_BUILD
-/*
- * fsl_setenv_chain_of_trust() must be called from
- * board_late_init()
- */
-
-/* If Boot Script is not on NOR and is required to be copied on RAM */
-#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
-#define CONFIG_BS_HDR_ADDR_RAM         0x00010000
-#define CONFIG_BS_HDR_ADDR_DEVICE      0x00800000
-#define CONFIG_BS_HDR_SIZE             0x00002000
-#define CONFIG_BS_ADDR_RAM             0x00012000
-#define CONFIG_BS_ADDR_DEVICE          0x00802000
-#define CONFIG_BS_SIZE                 0x00001000
-
-#define CONFIG_BOOTSCRIPT_HDR_ADDR     CONFIG_BS_HDR_ADDR_RAM
-#else
-
-/* The bootscript header address is different for B4860 because the NOR
- * mapping is different on B4 due to reduced NOR size.
- */
-#if defined(CONFIG_TARGET_B4860QDS) || defined(CONFIG_TARGET_B4420QDS)
-#define CONFIG_BOOTSCRIPT_HDR_ADDR     0xecc00000
-#elif defined(CONFIG_FSL_CORENET)
-#define CONFIG_BOOTSCRIPT_HDR_ADDR     0xe8e00000
-#elif defined(CONFIG_TARGET_BSC9132QDS)
-#define CONFIG_BOOTSCRIPT_HDR_ADDR     0x88020000
-#elif defined(CONFIG_TARGET_C29XPCIE)
-#define CONFIG_BOOTSCRIPT_HDR_ADDR     0xec020000
-#else
-#define CONFIG_BOOTSCRIPT_HDR_ADDR     0xee020000
-#endif
-
-#endif /* #ifdef CONFIG_BOOTSCRIPT_COPY_RAM */
-
 #include <config_fsl_chain_trust.h>
 #endif /* #ifndef CONFIG_SPL_BUILD */
 #endif /* #ifdef CONFIG_CHAIN_OF_TRUST */

diff --git a/board/freescale/common/fsl_chain_of_trust.c b/board/freescale/common/fsl_chain_of_trust.c
index 7ffb315..d31fb82 100644 (file)
--- a/board/freescale/common/fsl_chain_of_trust.c
+++ b/board/freescale/common/fsl_chain_of_trust.c
@@ -12,6 +12,7 @@
 #include <fsl_sfp.h>
 #include <log.h>
 #include <dm/root.h>
+#include <asm/fsl_secure_boot.h>
 
 #if defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_FRAMEWORK)
 #include <spl.h>
@@ -76,14 +77,14 @@ int fsl_setenv_chain_of_trust(void)
 
        /* If Boot mode is Secure, set the environment variables
         * bootdelay = 0 (To disable Boot Prompt)
-        * bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script)
+        * bootcmd = CHAIN_BOOT_CMD (Validate and execute Boot script)
         */
        env_set("bootdelay", "-2");
 
 #ifdef CONFIG_ARM
        env_set("secureboot", "y");
 #else
-       env_set("bootcmd", CONFIG_CHAIN_BOOT_CMD);
+       env_set("bootcmd", CHAIN_BOOT_CMD);
 #endif
 
        return 0;

diff --git a/configs/T2080QDS_SECURE_BOOT_defconfig b/configs/T2080QDS_SECURE_BOOT_defconfig
index 0a3e55b..00d36ff 100644 (file)
--- a/configs/T2080QDS_SECURE_BOOT_defconfig
+++ b/configs/T2080QDS_SECURE_BOOT_defconfig
@@ -1,8 +1,13 @@
 CONFIG_PPC=y
 CONFIG_SYS_TEXT_BASE=0xEFF40000
 CONFIG_ENV_SIZE=0x2000
-CONFIG_NXP_ESBC=y
 CONFIG_DEFAULT_DEVICE_TREE="t2080qds"
+CONFIG_MPC85xx=y
+CONFIG_TARGET_T2080QDS=y
+CONFIG_MPC85XX_HAVE_RESET_VECTOR=y
+CONFIG_ENABLE_36BIT_PHYS=y
+CONFIG_NXP_ESBC=y
+CONFIG_BOOTSCRIPT_HDR_ADDR=0xee020000
 CONFIG_FSL_USE_PCA9547_MUX=y
 CONFIG_VID=y
 CONFIG_VID_FLS_ENV="t208xqds_vdd_mv"
@@ -10,10 +15,6 @@ CONFIG_VOL_MONITOR_IR36021_READ=y
 CONFIG_VOL_MONITOR_IR36021_SET=y
 CONFIG_FSL_QIXIS=y
 # CONFIG_QIXIS_I2C_ACCESS is not set
-CONFIG_MPC85xx=y
-CONFIG_TARGET_T2080QDS=y
-CONFIG_MPC85XX_HAVE_RESET_VECTOR=y
-CONFIG_ENABLE_36BIT_PHYS=y
 # CONFIG_SYS_MALLOC_F is not set
 CONFIG_MP=y
 CONFIG_FIT=y

diff --git a/include/config_fsl_chain_trust.h b/include/config_fsl_chain_trust.h
index dd01e96..380c906 100644 (file)
--- a/include/config_fsl_chain_trust.h
+++ b/include/config_fsl_chain_trust.h
@@ -18,21 +18,21 @@
  */
 
 #ifdef CONFIG_USE_BOOTARGS
-#define CONFIG_SET_BOOTARGS    "setenv bootargs \'" CONFIG_BOOTARGS" \';"
+#define SET_BOOTARGS   "setenv bootargs \'" CONFIG_BOOTARGS" \';"
 #else
-#define CONFIG_SET_BOOTARGS    "setenv bootargs \'root=/dev/ram "      \
+#define SET_BOOTARGS   "setenv bootargs \'root=/dev/ram "      \
                                "rw console=ttyS0,115200 ramdisk_size=600000\';"
 #endif
 
-#define CONFIG_SECBOOT \
+#define SECBOOT \
        "setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
-       CONFIG_SET_BOOTARGS     \
+       SET_BOOTARGS    \
        "esbc_validate $bs_hdraddr;" \
        "source $img_addr;"     \
        "esbc_halt\0"
 
 #ifdef CONFIG_BOOTSCRIPT_COPY_RAM
-#define CONFIG_BS_COPY_ENV \
+#define BS_COPY_ENV \
        "setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \
        "setenv bs_hdr_device " __stringify(CONFIG_BS_HDR_ADDR_DEVICE)";" \
        "setenv bs_hdr_size " __stringify(CONFIG_BS_HDR_SIZE)";" \
@@ -43,33 +43,28 @@
 /* For secure boot flow, default environment used will be used */
 #if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_NAND_BOOT) || \
        defined(CONFIG_SD_BOOT)
-#if defined(CONFIG_RAMBOOT_NAND) || defined(CONFIG_NAND_BOOT)
-#define CONFIG_BS_COPY_CMD \
+#if defined(CONFIG_NAND_BOOT)
+#define BS_COPY_CMD \
        "nand read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
        "nand read $bs_ram $bs_device $bs_size ;"
 #elif defined(CONFIG_SD_BOOT)
-#define CONFIG_BS_COPY_CMD \
+#define BS_COPY_CMD \
        "mmc read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
        "mmc read $bs_ram $bs_device $bs_size ;"
 #endif
 #else
-#define CONFIG_BS_COPY_CMD \
+#define BS_COPY_CMD \
        "cp.b $bs_hdr_device $bs_hdr_ram  $bs_hdr_size ;" \
        "cp.b $bs_device $bs_ram  $bs_size ;"
 #endif
+#else /* !CONFIG_BOOTSCRIPT_COPY_RAM */
+#define BS_COPY_ENV
+#define BS_COPY_CMD
 #endif /* CONFIG_BOOTSCRIPT_COPY_RAM */
 
-#ifndef CONFIG_BS_COPY_ENV
-#define CONFIG_BS_COPY_ENV
-#endif
-
-#ifndef CONFIG_BS_COPY_CMD
-#define CONFIG_BS_COPY_CMD
-#endif
-
-#define CONFIG_CHAIN_BOOT_CMD  CONFIG_BS_COPY_ENV \
-                               CONFIG_BS_COPY_CMD \
-                               CONFIG_SECBOOT
+#define CHAIN_BOOT_CMD BS_COPY_ENV \
+                       BS_COPY_CMD \
+                       SECBOOT
 
 #endif
 #endif

diff --git a/include/configs/P1010RDB.h b/include/configs/P1010RDB.h
index 200b880..19aebb8 100644 (file)
--- a/include/configs/P1010RDB.h
+++ b/include/configs/P1010RDB.h
@@ -53,7 +53,6 @@
 #endif
 
 #ifdef CONFIG_NAND_SECBOOT     /* NAND Boot */
-#define CONFIG_RAMBOOT_NAND
 #define CONFIG_RESET_VECTOR_ADDRESS    0x110bfffc
 #endif
 
@@ -348,8 +347,7 @@ extern unsigned long get_sdram_size(void);
                                        FTIM2_GPCM_TWP(0x1f))
 #define CONFIG_SYS_CS3_FTIM3           0x0
 
-#if defined(CONFIG_RAMBOOT_SDCARD) || defined(CONFIG_RAMBOOT_SPIFLASH) || \
-       defined(CONFIG_RAMBOOT_NAND)
+#if defined(CONFIG_RAMBOOT_SDCARD) || defined(CONFIG_RAMBOOT_SPIFLASH)
 #define CONFIG_SYS_RAMBOOT
 #else
 #undef CONFIG_SYS_RAMBOOT

diff --git a/include/configs/T104xRDB.h b/include/configs/T104xRDB.h
index f1738b3..1c20526 100644 (file)
--- a/include/configs/T104xRDB.h
+++ b/include/configs/T104xRDB.h
@@ -66,14 +66,6 @@
 #define CONFIG_PCIE3                   /* PCIE controller 3 */
 #define CONFIG_PCIE4                   /* PCIE controller 4 */
 
-#if defined(CONFIG_SPIFLASH)
-#elif defined(CONFIG_MTD_RAW_NAND)
-#ifdef CONFIG_NXP_ESBC
-#define CONFIG_RAMBOOT_NAND
-#define CONFIG_BOOTSCRIPT_COPY_RAM
-#endif
-#endif
-
 /*
  * These can be toggled for performance analysis, otherwise use default.
  */

diff --git a/include/configs/corenet_ds.h b/include/configs/corenet_ds.h
index 51bc772..6a4fd90 100644 (file)
--- a/include/configs/corenet_ds.h
+++ b/include/configs/corenet_ds.h
@@ -15,17 +15,8 @@
 #include "../board/freescale/common/ics307_clk.h"
 
 #ifdef CONFIG_RAMBOOT_PBL
-#ifdef CONFIG_NXP_ESBC
 #define CONFIG_RAMBOOT_TEXT_BASE       CONFIG_SYS_TEXT_BASE
 #define CONFIG_RESET_VECTOR_ADDRESS    0xfffffffc
-#ifdef CONFIG_MTD_RAW_NAND
-#define CONFIG_RAMBOOT_NAND
-#endif
-#define CONFIG_BOOTSCRIPT_COPY_RAM
-#else
-#define CONFIG_RAMBOOT_TEXT_BASE       CONFIG_SYS_TEXT_BASE
-#define CONFIG_RESET_VECTOR_ADDRESS    0xfffffffc
-#endif
 #endif
 
 #ifdef CONFIG_SRIO_PCIE_BOOT_SLAVE