secure_boot: enable chain of trust for PowerPC platforms

Chain of Trust is enabled for PowerPC platforms for Secure Boot.
CONFIG_BOARD_LATE_INIT is defined.
In board_late_init(), fsl_setenv_chain_of_trust() is called which
will perform the following:
- If boot mode is non-secure, return (No Change)
- If boot mode is secure, set the following environmet variables:
   bootdelay = 0 (To disable Boot Prompt)
   bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script)

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>

diff --git a/arch/powerpc/cpu/mpc85xx/cpu_init.c b/arch/powerpc/cpu/mpc85xx/cpu_init.c
index 13a7d0f664d2a19899c89c57f4fd44df3d24a341..d51616ba22cfeffbd29afca8df93c8d8e1437aec 100644 (file)
--- a/arch/powerpc/cpu/mpc85xx/cpu_init.c
+++ b/arch/powerpc/cpu/mpc85xx/cpu_init.c
@@ -27,6 +27,9 @@
 #include <hwconfig.h>
 #include <linux/compiler.h>
 #include "mp.h"
+#ifdef CONFIG_CHAIN_OF_TRUST
+#include <fsl_validate.h>
+#endif
 #ifdef CONFIG_FSL_CAAM
 #include <fsl_sec.h>
 #endif
@@ -1009,3 +1012,14 @@ void cpu_secondary_init_r(void)
        qe_reset();
 #endif
 }
+
+#ifdef CONFIG_BOARD_LATE_INIT
+int board_late_init(void)
+{
+#ifdef CONFIG_CHAIN_OF_TRUST
+       fsl_setenv_chain_of_trust();
+#endif
+
+       return 0;
+}
+#endif

diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h
index 41058d11adf0c105d725c7265f9d8dd1a225242e..c45cace552811032b311e8729059f065ed21f94f 100644 (file)
--- a/arch/powerpc/include/asm/fsl_secure_boot.h
+++ b/arch/powerpc/include/asm/fsl_secure_boot.h
@@ -87,6 +87,13 @@
 #define CONFIG_FSL_CAAM
 #endif
 
+/* fsl_setenv_chain_of_trust() must be called from
+ * board_late_init()
+ */
+#ifndef CONFIG_BOARD_LATE_INIT
+#define CONFIG_BOARD_LATE_INIT
+#endif
+
 /* If Boot Script is not on NOR and is required to be copied on RAM */
 #ifdef CONFIG_BOOTSCRIPT_COPY_RAM
 #define CONFIG_BS_HDR_ADDR_RAM         0x00010000