diff options
author | Tom Rini | 2018-06-12 13:25:24 -0400 |
---|---|---|
committer | Tom Rini | 2018-06-12 13:25:24 -0400 |
commit | 7868909ed53ed41a945f7ed95ebb88aa252142ce (patch) | |
tree | 9cea3486b40e9abec727d69d85d24adff76aa3e5 /drivers | |
parent | 7a4a3503d50819a199f0d73f28d2b2a4c66f459a (diff) | |
parent | 2d91b533312888e596563a299588e81906383464 (diff) |
Merge git://git.denx.de/u-boot-fsl-qoriq
Diffstat (limited to 'drivers')
-rw-r--r-- | drivers/net/pfe_eth/pfe_firmware.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/drivers/net/pfe_eth/pfe_firmware.c b/drivers/net/pfe_eth/pfe_firmware.c index f06ed372928..adb2d06010c 100644 --- a/drivers/net/pfe_eth/pfe_firmware.c +++ b/drivers/net/pfe_eth/pfe_firmware.c @@ -12,6 +12,9 @@ #include <net/pfe_eth/pfe_eth.h> #include <net/pfe_eth/pfe_firmware.h> +#ifdef CONFIG_CHAIN_OF_TRUST +#include <fsl_validate.h> +#endif #define PFE_FIRMEWARE_FIT_CNF_NAME "config@1" @@ -168,10 +171,15 @@ static int pfe_fit_check(void) */ int pfe_firmware_init(void) { +#define PFE_KEY_HASH NULL char *pfe_firmware_name; const void *raw_image_addr; size_t raw_image_size = 0; u8 *pfe_firmware; +#ifdef CONFIG_CHAIN_OF_TRUST + uintptr_t pfe_esbc_hdr = 0; + uintptr_t pfe_img_addr = 0; +#endif int ret = 0; int fw_count; @@ -179,6 +187,27 @@ int pfe_firmware_init(void) if (ret) goto err; +#ifdef CONFIG_CHAIN_OF_TRUST + pfe_esbc_hdr = CONFIG_SYS_LS_PFE_ESBC_ADDR; + pfe_img_addr = (uintptr_t)pfe_fit_addr; + if (fsl_check_boot_mode_secure() != 0) { + /* + * In case of failure in validation, fsl_secboot_validate + * would not return back in case of Production environment + * with ITS=1. In Development environment (ITS=0 and + * SB_EN=1), the function may return back in case of + * non-fatal failures. + */ + ret = fsl_secboot_validate(pfe_esbc_hdr, + PFE_KEY_HASH, + &pfe_img_addr); + if (ret != 0) + printf("PFE firmware(s) validation failed\n"); + else + printf("PFE firmware(s) validation Successful\n"); + } +#endif + for (fw_count = 0; fw_count < 2; fw_count++) { if (fw_count == 0) pfe_firmware_name = "class"; |