[U-Boot] [PATCH 4/4][v8] SECURE_BOOT: Disable IE Key feature for RAMBOOT

[U-Boot] [PATCH 4/4][v8] SECURE_BOOT: Disable IE Key feature for RAMBOOT

[Aneesh Bansal]

ISBC Key Extension feature is not applicable for RAMBOOT
as there is no way to retrieve the CSF Header and validated
IE Key table from SRAM once CPC has been disabled.
The feature is only applicable in case of NOR SECURE BOOT.
Code Cleanup:
The SECURE_BOOT specific defines have been moved from
arch-ls102xa/config.h to
arm/include/asm/fsl_secure_boot.h

Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
---
Changes in v8:
New Patch added in patchset

 arch/arm/include/asm/arch-ls102xa/config.h | 14 --------------
 arch/arm/include/asm/fsl_secure_boot.h     | 22 ++++++++++++++++++++++
 arch/powerpc/include/asm/fsl_secure_boot.h |  6 ++++--
 3 files changed, 26 insertions(+), 16 deletions(-)

diff --git a/arch/arm/include/asm/arch-ls102xa/config.h b/arch/arm/include/asm/arch-ls102xa/config.h
index c55cdef..bcaf7bf 100644
--- a/arch/arm/include/asm/arch-ls102xa/config.h
+++ b/arch/arm/include/asm/arch-ls102xa/config.h
@@ -103,20 +103,6 @@
 #define CONFIG_SYS_FSL_SFP_VER_3_2
 #define CONFIG_SYS_FSL_SFP_BE
 #define CONFIG_SYS_FSL_SRK_LE
-#define CONFIG_KEY_REVOCATION
-#define CONFIG_FSL_ISBC_KEY_EXT
-
-#ifdef CONFIG_SECURE_BOOT
-#define CONFIG_CMD_ESBC_VALIDATE
-#define CONFIG_FSL_SEC_MON
-#define CONFIG_SHA_PROG_HW_ACCEL
-#define CONFIG_DM
-#define CONFIG_RSA
-#define CONFIG_RSA_FREESCALE_EXP
-#ifndef CONFIG_FSL_CAAM
-#define CONFIG_FSL_CAAM
-#endif
-#endif
 
 #define DCU_LAYER_MAX_NUM			16
 
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index f097c81..f2d4c3c 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -8,6 +8,28 @@
 #define __FSL_SECURE_BOOT_H
 
 #ifdef CONFIG_SECURE_BOOT
+#define CONFIG_CMD_ESBC_VALIDATE
+#define CONFIG_FSL_SEC_MON
+#define CONFIG_SHA_PROG_HW_ACCEL
+#define CONFIG_DM
+#define CONFIG_RSA
+#define CONFIG_RSA_FREESCALE_EXP
+#ifndef CONFIG_FSL_CAAM
+#define CONFIG_FSL_CAAM
+#endif
+
+#define CONFIG_KEY_REVOCATION
+#ifndef CONFIG_SYS_RAMBOOT
+/* The key used for verification of next level images
+ * is picked up from an Extension Table which has
+ * been verified by the ISBC (Internal Secure boot Code)
+ * in boot ROM of the SoC.
+ * The feature is only applicable in case of NOR boot and is
+ * not applicable in case of RAMBOOT (NAND, SD, SPI).
+ */
+#define CONFIG_FSL_ISBC_KEY_EXT
+#endif
+
 #ifndef CONFIG_FIT_SIGNATURE
 
 #define CONFIG_EXTRA_ENV \
diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h
index 6e55716..0985865 100644
--- a/arch/powerpc/include/asm/fsl_secure_boot.h
+++ b/arch/powerpc/include/asm/fsl_secure_boot.h
@@ -63,11 +63,13 @@
 	#define	CONFIG_FSL_TRUST_ARCH_v1
 #endif
 
-#if defined(CONFIG_FSL_CORENET)
+#if defined(CONFIG_FSL_CORENET) && !defined(CONFIG_SYS_RAMBOOT)
 /* The key used for verification of next level images
  * is picked up from an Extension Table which has
  * been verified by the ISBC (Internal Secure boot Code)
- * in boot ROM of the SoC
+ * in boot ROM of the SoC.
+ * The feature is only applicable in case of NOR boot and is
+ * not applicable in case of RAMBOOT (NAND, SD, SPI).
  */
 #define CONFIG_FSL_ISBC_KEY_EXT
 #endif
-- 
1.8.1.4

[U-Boot] [PATCH 4/4][v8] SECURE_BOOT: Disable IE Key feature for RAMBOOT

[York Sun]

On 07/31/2015 03:40 AM, Aneesh Bansal wrote:
> ISBC Key Extension feature is not applicable for RAMBOOT
> as there is no way to retrieve the CSF Header and validated
> IE Key table from SRAM once CPC has been disabled.
> The feature is only applicable in case of NOR SECURE BOOT.
> Code Cleanup:
> The SECURE_BOOT specific defines have been moved from
> arch-ls102xa/config.h to
> arm/include/asm/fsl_secure_boot.h
> 
> Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
> ---
> Changes in v8:
> New Patch added in patchset

Applied to fsl-qoriq master branch. Awaiting upstream.

York