From d0a6d7ce55ec40d23ad96b549d596afd8f70735c Mon Sep 17 00:00:00 2001 From: Aneesh Bansal Date: Fri, 22 Jan 2016 16:37:27 +0530 Subject: secure_boot: enable chain of trust for PowerPC platforms Chain of Trust is enabled for PowerPC platforms for Secure Boot. CONFIG_BOARD_LATE_INIT is defined. In board_late_init(), fsl_setenv_chain_of_trust() is called which will perform the following: - If boot mode is non-secure, return (No Change) - If boot mode is secure, set the following environmet variables: bootdelay = 0 (To disable Boot Prompt) bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script) Signed-off-by: Aneesh Bansal Acked-by: Ruchika Gupta Reviewed-by: York Sun --- arch/powerpc/include/asm/fsl_secure_boot.h | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'arch/powerpc/include/asm/fsl_secure_boot.h') diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h index 41058d11ad..c45cace552 100644 --- a/arch/powerpc/include/asm/fsl_secure_boot.h +++ b/arch/powerpc/include/asm/fsl_secure_boot.h @@ -87,6 +87,13 @@ #define CONFIG_FSL_CAAM #endif +/* fsl_setenv_chain_of_trust() must be called from + * board_late_init() + */ +#ifndef CONFIG_BOARD_LATE_INIT +#define CONFIG_BOARD_LATE_INIT +#endif + /* If Boot Script is not on NOR and is required to be copied on RAM */ #ifdef CONFIG_BOOTSCRIPT_COPY_RAM #define CONFIG_BS_HDR_ADDR_RAM 0x00010000 -- cgit v1.2.3