From 78c58082a926b4e4c5dda4332bec1016e778f670 Mon Sep 17 00:00:00 2001 From: Vinitha V Pillai Date: Tue, 23 Apr 2019 05:52:17 +0000 Subject: [PATCH] armv8: Secure Boot: Modify boot_a_script definition MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit esbc_validate command will not be executed if “load” command for its header fails and will further execute the source command for bootscript, without its validation and boot process continues. To halt the boot process in case secure boot header is not loaded successfully, esbc_validate command is invoked separately after “load” command. The secure boot validation of the bootscript header will fail (if header is not loaded) and halts the boot process, which prevent source command from execution. Signed-off-by: Vinitha V Pillai Signed-off-by: Udit Agarwal Reviewed-by: Prabhakar Kushwaha --- include/configs/ls1012afrwy.h | 3 ++- include/configs/ls1012ardb.h | 3 ++- include/configs/ls1021atwr.h | 3 ++- include/configs/ls1043a_common.h | 3 ++- include/configs/ls1046a_common.h | 5 +++-- include/configs/ls1088ardb.h | 3 ++- include/configs/ls2080ardb.h | 3 ++- 7 files changed, 15 insertions(+), 8 deletions(-) diff --git a/include/configs/ls1012afrwy.h b/include/configs/ls1012afrwy.h index ebb1df4..12e6437 100644 --- a/include/configs/ls1012afrwy.h +++ b/include/configs/ls1012afrwy.h @@ -98,7 +98,8 @@ "${scriptaddr} ${prefix}${script}; " \ "env exists secureboot && load ${devtype} " \ "${devnum}:${distro_bootpart} " \ - "${scripthdraddr} ${prefix}${boot_script_hdr} " \ + "${scripthdraddr} ${prefix}${boot_script_hdr}; " \ + "env exists secureboot " \ "&& esbc_validate ${scripthdraddr};" \ "source ${scriptaddr}\0" \ "installer=load mmc 0:2 $load_addr " \ diff --git a/include/configs/ls1012ardb.h b/include/configs/ls1012ardb.h index f149a60..f6640fa 100644 --- a/include/configs/ls1012ardb.h +++ b/include/configs/ls1012ardb.h @@ -98,7 +98,8 @@ "${scriptaddr} ${prefix}${script}; " \ "env exists secureboot && load ${devtype} " \ "${devnum}:${distro_bootpart} " \ - "${scripthdraddr} ${prefix}${boot_script_hdr} " \ + "${scripthdraddr} ${prefix}${boot_script_hdr}; " \ + "env exists secureboot " \ "&& esbc_validate ${scripthdraddr};" \ "source ${scriptaddr}\0" \ "installer=load mmc 0:2 $load_addr " \ diff --git a/include/configs/ls1021atwr.h b/include/configs/ls1021atwr.h index 7fe7bab..ec0aad5 100644 --- a/include/configs/ls1021atwr.h +++ b/include/configs/ls1021atwr.h @@ -363,7 +363,8 @@ "${scriptaddr} ${prefix}${script}; " \ "env exists secureboot && load ${devtype} " \ "${devnum}:${distro_bootpart} " \ - "${scripthdraddr} ${prefix}${boot_script_hdr} " \ + "${scripthdraddr} ${prefix}${boot_script_hdr}; " \ + "env exists secureboot " \ "&& esbc_validate ${scripthdraddr};" \ "source ${scriptaddr}\0" \ "installer=load mmc 0:2 $load_addr " \ diff --git a/include/configs/ls1043a_common.h b/include/configs/ls1043a_common.h index dc688f3..1d6cf47 100644 --- a/include/configs/ls1043a_common.h +++ b/include/configs/ls1043a_common.h @@ -273,7 +273,8 @@ "${scriptaddr} ${prefix}${script}; " \ "env exists secureboot && load ${devtype} " \ "${devnum}:${distro_bootpart} " \ - "${scripthdraddr} ${prefix}${boot_script_hdr} " \ + "${scripthdraddr} ${prefix}${boot_script_hdr}; " \ + "env exists secureboot " \ "&& esbc_validate ${scripthdraddr};" \ "source ${scriptaddr}\0" \ "qspi_bootcmd=echo Trying load from qspi..;" \ diff --git a/include/configs/ls1046a_common.h b/include/configs/ls1046a_common.h index ea6209a..9a08f8e 100644 --- a/include/configs/ls1046a_common.h +++ b/include/configs/ls1046a_common.h @@ -253,8 +253,9 @@ "${scriptaddr} ${prefix}${script}; " \ "env exists secureboot && load ${devtype} " \ "${devnum}:${distro_bootpart} " \ - "${scripthdraddr} ${prefix}${boot_script_hdr} " \ - "&& esbc_validate ${scripthdraddr};" \ + "${scripthdraddr} ${prefix}${boot_script_hdr}; " \ + "env exists secureboot " \ + "&& esbc_validate ${scripthdraddr};" \ "source ${scriptaddr}\0" \ "qspi_bootcmd=echo Trying load from qspi..;" \ "sf probe && sf read $load_addr " \ diff --git a/include/configs/ls1088ardb.h b/include/configs/ls1088ardb.h index 45af087..322adb5 100644 --- a/include/configs/ls1088ardb.h +++ b/include/configs/ls1088ardb.h @@ -398,7 +398,8 @@ "${scriptaddr} ${prefix}${script}; " \ "env exists secureboot && load ${devtype} " \ "${devnum}:${distro_bootpart} " \ - "${scripthdraddr} ${prefix}${boot_script_hdr} " \ + "${scripthdraddr} ${prefix}${boot_script_hdr}; "\ + "env exists secureboot " \ "&& esbc_validate ${scripthdraddr};" \ "source ${scriptaddr}\0" \ "installer=load mmc 0:2 $load_addr " \ diff --git a/include/configs/ls2080ardb.h b/include/configs/ls2080ardb.h index e41ace6..2e8a8bb 100644 --- a/include/configs/ls2080ardb.h +++ b/include/configs/ls2080ardb.h @@ -495,7 +495,8 @@ unsigned long get_board_sys_clk(void); "${scriptaddr} ${prefix}${script}; " \ "env exists secureboot && load ${devtype} " \ "${devnum}:${distro_bootpart} " \ - "${scripthdraddr} ${prefix}${boot_script_hdr} " \ + "${scripthdraddr} ${prefix}${boot_script_hdr}; " \ + "env exists secureboot " \ "&& esbc_validate ${scripthdraddr};" \ "source ${scriptaddr}\0" \ "qspi_bootcmd=echo Trying load from qspi..;" \ -- 2.7.4