aboutsummaryrefslogtreecommitdiff
path: root/drivers/net/pfe_eth/pfe_firmware.c
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/net/pfe_eth/pfe_firmware.c')
-rw-r--r--drivers/net/pfe_eth/pfe_firmware.c29
1 files changed, 29 insertions, 0 deletions
diff --git a/drivers/net/pfe_eth/pfe_firmware.c b/drivers/net/pfe_eth/pfe_firmware.c
index f06ed372928..adb2d06010c 100644
--- a/drivers/net/pfe_eth/pfe_firmware.c
+++ b/drivers/net/pfe_eth/pfe_firmware.c
@@ -12,6 +12,9 @@
#include <net/pfe_eth/pfe_eth.h>
#include <net/pfe_eth/pfe_firmware.h>
+#ifdef CONFIG_CHAIN_OF_TRUST
+#include <fsl_validate.h>
+#endif
#define PFE_FIRMEWARE_FIT_CNF_NAME "config@1"
@@ -168,10 +171,15 @@ static int pfe_fit_check(void)
*/
int pfe_firmware_init(void)
{
+#define PFE_KEY_HASH NULL
char *pfe_firmware_name;
const void *raw_image_addr;
size_t raw_image_size = 0;
u8 *pfe_firmware;
+#ifdef CONFIG_CHAIN_OF_TRUST
+ uintptr_t pfe_esbc_hdr = 0;
+ uintptr_t pfe_img_addr = 0;
+#endif
int ret = 0;
int fw_count;
@@ -179,6 +187,27 @@ int pfe_firmware_init(void)
if (ret)
goto err;
+#ifdef CONFIG_CHAIN_OF_TRUST
+ pfe_esbc_hdr = CONFIG_SYS_LS_PFE_ESBC_ADDR;
+ pfe_img_addr = (uintptr_t)pfe_fit_addr;
+ if (fsl_check_boot_mode_secure() != 0) {
+ /*
+ * In case of failure in validation, fsl_secboot_validate
+ * would not return back in case of Production environment
+ * with ITS=1. In Development environment (ITS=0 and
+ * SB_EN=1), the function may return back in case of
+ * non-fatal failures.
+ */
+ ret = fsl_secboot_validate(pfe_esbc_hdr,
+ PFE_KEY_HASH,
+ &pfe_img_addr);
+ if (ret != 0)
+ printf("PFE firmware(s) validation failed\n");
+ else
+ printf("PFE firmware(s) validation Successful\n");
+ }
+#endif
+
for (fw_count = 0; fw_count < 2; fw_count++) {
if (fw_count == 0)
pfe_firmware_name = "class";