LS1012AFRWY: Add Secure Boot support
[u-boot] / drivers / net / pfe_eth / pfe_firmware.c
index f06ed3729284a9187460a319ae6ba2db39bb711c..adb2d06010ce3a75c364e8e4514985a47c8ae634 100644 (file)
@@ -12,6 +12,9 @@
 
 #include <net/pfe_eth/pfe_eth.h>
 #include <net/pfe_eth/pfe_firmware.h>
+#ifdef CONFIG_CHAIN_OF_TRUST
+#include <fsl_validate.h>
+#endif
 
 #define PFE_FIRMEWARE_FIT_CNF_NAME     "config@1"
 
@@ -168,10 +171,15 @@ static int pfe_fit_check(void)
  */
 int pfe_firmware_init(void)
 {
+#define PFE_KEY_HASH   NULL
        char *pfe_firmware_name;
        const void *raw_image_addr;
        size_t raw_image_size = 0;
        u8 *pfe_firmware;
+#ifdef CONFIG_CHAIN_OF_TRUST
+       uintptr_t pfe_esbc_hdr = 0;
+       uintptr_t pfe_img_addr = 0;
+#endif
        int ret = 0;
        int fw_count;
 
@@ -179,6 +187,27 @@ int pfe_firmware_init(void)
        if (ret)
                goto err;
 
+#ifdef CONFIG_CHAIN_OF_TRUST
+       pfe_esbc_hdr = CONFIG_SYS_LS_PFE_ESBC_ADDR;
+       pfe_img_addr = (uintptr_t)pfe_fit_addr;
+       if (fsl_check_boot_mode_secure() != 0) {
+               /*
+                * In case of failure in validation, fsl_secboot_validate
+                * would not return back in case of Production environment
+                * with ITS=1. In Development environment (ITS=0 and
+                * SB_EN=1), the function may return back in case of
+                * non-fatal failures.
+                */
+               ret = fsl_secboot_validate(pfe_esbc_hdr,
+                                          PFE_KEY_HASH,
+                                          &pfe_img_addr);
+               if (ret != 0)
+                       printf("PFE firmware(s) validation failed\n");
+               else
+                       printf("PFE firmware(s) validation Successful\n");
+       }
+#endif
+
        for (fw_count = 0; fw_count < 2; fw_count++) {
                if (fw_count == 0)
                        pfe_firmware_name = "class";
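Review bot: When `fsl_secboot_validate()` returns non-zero, the new block only prints "PFE firmware(s) validation failed" and then falls through to the `for (fw_count ...)` loop, so in the development configuration the comment describes (ITS=0, SB_EN=1) firmware that failed validation still appears to be loaded. The failure branch should leave through the existing error path, e.g. `if (ret != 0) { printf("PFE firmware(s) validation failed\n"); goto err; }`, so that `ret` also reaches the caller instead of possibly being overwritten later. The loop body and the `err` label lie outside this hunk, so confirm what `err` cleans up before wiring it in. Separately, `PFE_KEY_HASH` is passed as `NULL` here with no explanation; a comment at its `#define` such as `/* NULL: no caller-supplied key hash; validation presumably falls back to the fused SRK hash (confirm in fsl_validate) */` would tell a reader which trust anchor is in use.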