Merge git://git.denx.de/u-boot-mpc85xx

[u-boot] / arch / arm / cpu / armv8 / fsl-layerscape / ppa.c

diff --git a/arch/arm/cpu/armv8/fsl-layerscape/ppa.c b/arch/arm/cpu/armv8/fsl-layerscape/ppa.c
index 541b251bf4a955e25b7f9e5a212a4589b754d16f..b68e87d657176308662440cdf56a3e5d31cf62c4 100644 (file)
--- a/arch/arm/cpu/armv8/fsl-layerscape/ppa.c
+++ b/arch/arm/cpu/armv8/fsl-layerscape/ppa.c
@@ -17,6 +17,9 @@
 #ifdef CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT
 #include <asm/armv8/sec_firmware.h>
 #endif
+#ifdef CONFIG_CHAIN_OF_TRUST
+#include <fsl_validate.h>
+#endif
 
 int ppa_init(void)
 {
@@ -24,12 +27,30 @@ int ppa_init(void)
        u32 *boot_loc_ptr_l, *boot_loc_ptr_h;
        int ret;
 
-#ifdef CONFIG_SYS_LS_PPA_FW_IN_NOR
+#ifdef CONFIG_CHAIN_OF_TRUST
+       uintptr_t ppa_esbc_hdr = CONFIG_SYS_LS_PPA_ESBC_ADDR;
+       uintptr_t ppa_img_addr = 0;
+#endif
+
+#ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP
        ppa_fit_addr = (void *)CONFIG_SYS_LS_PPA_FW_ADDR;
 #else
 #error "No CONFIG_SYS_LS_PPA_FW_IN_xxx defined"
 #endif
 
+#ifdef CONFIG_CHAIN_OF_TRUST
+       ppa_img_addr = (uintptr_t)ppa_fit_addr;
+       if (fsl_check_boot_mode_secure() != 0) {
+               ret = fsl_secboot_validate(ppa_esbc_hdr,
+                                          CONFIG_PPA_KEY_HASH,
+                                          &ppa_img_addr);
+               if (ret != 0)
+                       printf("PPA validation failed\n");
+               else
+                       printf("PPA validation Successful\n");
+       }
+#endif
+
 #ifdef CONFIG_FSL_LSCH3
        struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR);
        boot_loc_ptr_l = &gur->bootlocptrl;