Re: [U-Boot] [PATCH] arm64: ls1043ardb: Add distro secure boot support

2017-09-01 Thread Sumit Garg
> -Original Message-
> From: York Sun
> Sent: Friday, September 01, 2017 4:38 AM
> To: Sumit Garg ; u-boot@lists.denx.de
> Cc: Ruchika Gupta ; Prabhakar Kushwaha
> ; Mingkai Hu ;
> Shengzhou Liu 
> Subject: Re: [PATCH] arm64: ls1043ardb: Add distro secure boot support
> 
> On 06/04/2017 11:54 PM, Sumit Garg wrote:
> > Enable validation of boot.scr script prior to its execution dependent
> > on "secureboot" flag in environment. Disable fall back option to
> > nor/qspi boot in case of secure boot. Also enable "secureboot=y"
> > flag in environment for ARM based platforms instead of bootcmd.
> >
> > Signed-off-by: Sumit Garg 
> > Tested-by: Vinitha Pillai 
> > ---
> >   board/freescale/common/fsl_chain_of_trust.c |  6 ++
> >   configs/ls1043ardb_SECURE_BOOT_defconfig|  1 +
> >   configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig |  1 +
> >   include/configs/ls1043a_common.h| 23 
> > +-
> -
> >   4 files changed, 29 insertions(+), 2 deletions(-)
> >
> > diff --git a/board/freescale/common/fsl_chain_of_trust.c
> > b/board/freescale/common/fsl_chain_of_trust.c
> > index 438e781..609e2b2 100644
> > --- a/board/freescale/common/fsl_chain_of_trust.c
> > +++ b/board/freescale/common/fsl_chain_of_trust.c
> > @@ -80,7 +80,13 @@ int fsl_setenv_chain_of_trust(void)
> >  * bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot
> script)
> >  */
> > setenv("bootdelay", "0");
> > +
> > +#ifdef CONFIG_ARM
> > +   setenv("secureboot", "y");
> > +#else
> > setenv("bootcmd", CONFIG_CHAIN_BOOT_CMD);
> > +#endif
> > +
> > return 0;
> >   }
> >   #endif
> > diff --git a/configs/ls1043ardb_SECURE_BOOT_defconfig
> > b/configs/ls1043ardb_SECURE_BOOT_defconfig
> > index 861d49b..3f535cc 100644
> > --- a/configs/ls1043ardb_SECURE_BOOT_defconfig
> > +++ b/configs/ls1043ardb_SECURE_BOOT_defconfig
> > @@ -40,3 +40,4 @@ CONFIG_USB_STORAGE=y
> >   CONFIG_RSA=y
> >   CONFIG_SPL_RSA=y
> >   CONFIG_RSA_SOFTWARE_EXP=y
> > +CONFIG_DISTRO_DEFAULTS=y
> > diff --git a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> > b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> > index 5f9b21d..2d57e79 100644
> > --- a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> > +++ b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> > @@ -56,3 +56,4 @@ CONFIG_RSA=y
> >   CONFIG_SPL_RSA=y
> >   CONFIG_SPL_CRYPTO_SUPPORT=y
> >   CONFIG_SPL_HASH_SUPPORT=y
> > +CONFIG_DISTRO_DEFAULTS=y
> > diff --git a/include/configs/ls1043a_common.h
> > b/include/configs/ls1043a_common.h
> > index e8a756f..6e30427 100644
> > --- a/include/configs/ls1043a_common.h
> > +++ b/include/configs/ls1043a_common.h
> > @@ -282,6 +282,7 @@
> > "fdt_addr=0x64f0\0"  \
> > "kernel_addr=0x6500\0"  \
> > "scriptaddr=0x8000\0"  \
> > +   "scripthdraddr=0x8008\0"\
> > "fdtheader_addr_r=0x8010\0" \
> > "kernelheader_addr_r=0x8020\0"  \
> > "kernel_addr_r=0x8100\0"\
> > @@ -292,6 +293,7 @@
> > "mtdparts=" MTDPARTS_DEFAULT "\0"   \
> > BOOTENV \
> > "boot_scripts=ls1043ardb_boot.scr\0"\
> > +   "boot_script_hdr=hdr_ls1043ardb_bs.out\0"   \
> > "scan_dev_for_boot_part="  \
> >  "part list ${devtype} ${devnum} devplist; "   \
> >  "env exists devplist || setenv devplist 1; "  \ @@ -302,6
> > +304,21 @@
> >   "run scan_dev_for_boot; " \
> >   "fi; "   \
> >   "done\0"\
> > +   "scan_dev_for_boot="  \
> > +   "echo Scanning ${devtype} "   \
> > +   "${devnum}:${distro_bootpart}...; "  \
> > +   "for prefix in ${boot_prefixes}; do " \
> > +   "run scan_dev_for_scripts; "  \
> > +   "done;"   \
> > +   "\0"  \
> > +   "boot_a_script="  \
> > +   "load ${devtype} ${devnum}:${distro_bootpart} "  \
> > +   "${scriptaddr} ${prefix}${script}; "\
> > +   "env exists secureboot && load ${devtype} " \
> > +   "${devnum}:${distro_bootpart} " \
> > +   "${scripthdraddr} ${prefix}${boot_script_hdr} " \
> > +   "&& esbc_validate ${scripthdraddr};"\
> > +   "source ${scriptaddr}\0"  \
> > "installer=load mmc 0:2 $load_addr "  \
> >"/flex_installer_arm64.itb; "  \
> >"bootm $load_addr#ls1043ardb\0"\
> > @@ -315,9 +332,11 @@
> >
> >   #undef CONFIG_BOOTCOMMAND
> >   #if defined(CONFIG_QSPI_BOOT) || defined(CONFIG_SD_BOOT_QSPI)
> > -#define CONFIG_BOOTCOMMAND "run distro_bootcmd;run
> qspi_bootcmd"
> > +#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env

Re: [U-Boot] [PATCH] arm64: ls1043ardb: Add distro secure boot support

2017-08-31 Thread York Sun
On 06/04/2017 11:54 PM, Sumit Garg wrote:
> Enable validation of boot.scr script prior to its execution dependent
> on "secureboot" flag in environment. Disable fall back option to
> nor/qspi boot in case of secure boot. Also enable "secureboot=y"
> flag in environment for ARM based platforms instead of bootcmd.
> 
> Signed-off-by: Sumit Garg 
> Tested-by: Vinitha Pillai 
> ---
>   board/freescale/common/fsl_chain_of_trust.c |  6 ++
>   configs/ls1043ardb_SECURE_BOOT_defconfig|  1 +
>   configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig |  1 +
>   include/configs/ls1043a_common.h| 23 +--
>   4 files changed, 29 insertions(+), 2 deletions(-)
> 
> diff --git a/board/freescale/common/fsl_chain_of_trust.c 
> b/board/freescale/common/fsl_chain_of_trust.c
> index 438e781..609e2b2 100644
> --- a/board/freescale/common/fsl_chain_of_trust.c
> +++ b/board/freescale/common/fsl_chain_of_trust.c
> @@ -80,7 +80,13 @@ int fsl_setenv_chain_of_trust(void)
>* bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script)
>*/
>   setenv("bootdelay", "0");
> +
> +#ifdef CONFIG_ARM
> + setenv("secureboot", "y");
> +#else
>   setenv("bootcmd", CONFIG_CHAIN_BOOT_CMD);
> +#endif
> +
>   return 0;
>   }
>   #endif
> diff --git a/configs/ls1043ardb_SECURE_BOOT_defconfig 
> b/configs/ls1043ardb_SECURE_BOOT_defconfig
> index 861d49b..3f535cc 100644
> --- a/configs/ls1043ardb_SECURE_BOOT_defconfig
> +++ b/configs/ls1043ardb_SECURE_BOOT_defconfig
> @@ -40,3 +40,4 @@ CONFIG_USB_STORAGE=y
>   CONFIG_RSA=y
>   CONFIG_SPL_RSA=y
>   CONFIG_RSA_SOFTWARE_EXP=y
> +CONFIG_DISTRO_DEFAULTS=y
> diff --git a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig 
> b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> index 5f9b21d..2d57e79 100644
> --- a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> +++ b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> @@ -56,3 +56,4 @@ CONFIG_RSA=y
>   CONFIG_SPL_RSA=y
>   CONFIG_SPL_CRYPTO_SUPPORT=y
>   CONFIG_SPL_HASH_SUPPORT=y
> +CONFIG_DISTRO_DEFAULTS=y
> diff --git a/include/configs/ls1043a_common.h 
> b/include/configs/ls1043a_common.h
> index e8a756f..6e30427 100644
> --- a/include/configs/ls1043a_common.h
> +++ b/include/configs/ls1043a_common.h
> @@ -282,6 +282,7 @@
>   "fdt_addr=0x64f0\0"  \
>   "kernel_addr=0x6500\0"  \
>   "scriptaddr=0x8000\0"  \
> + "scripthdraddr=0x8008\0"\
>   "fdtheader_addr_r=0x8010\0" \
>   "kernelheader_addr_r=0x8020\0"  \
>   "kernel_addr_r=0x8100\0"\
> @@ -292,6 +293,7 @@
>   "mtdparts=" MTDPARTS_DEFAULT "\0"   \
>   BOOTENV \
>   "boot_scripts=ls1043ardb_boot.scr\0"\
> + "boot_script_hdr=hdr_ls1043ardb_bs.out\0"   \
>   "scan_dev_for_boot_part="  \
>"part list ${devtype} ${devnum} devplist; "   \
>"env exists devplist || setenv devplist 1; "  \
> @@ -302,6 +304,21 @@
> "run scan_dev_for_boot; " \
> "fi; "   \
> "done\0"\
> + "scan_dev_for_boot="  \
> + "echo Scanning ${devtype} "   \
> + "${devnum}:${distro_bootpart}...; "  \
> + "for prefix in ${boot_prefixes}; do " \
> + "run scan_dev_for_scripts; "  \
> + "done;"   \
> + "\0"  \
> + "boot_a_script="  \
> + "load ${devtype} ${devnum}:${distro_bootpart} "  \
> + "${scriptaddr} ${prefix}${script}; "\
> + "env exists secureboot && load ${devtype} " \
> + "${devnum}:${distro_bootpart} " \
> + "${scripthdraddr} ${prefix}${boot_script_hdr} " \
> + "&& esbc_validate ${scripthdraddr};"\
> + "source ${scriptaddr}\0"  \
>   "installer=load mmc 0:2 $load_addr "  \
>  "/flex_installer_arm64.itb; "  \
>  "bootm $load_addr#ls1043ardb\0"\
> @@ -315,9 +332,11 @@
>   
>   #undef CONFIG_BOOTCOMMAND
>   #if defined(CONFIG_QSPI_BOOT) || defined(CONFIG_SD_BOOT_QSPI)
> -#define CONFIG_BOOTCOMMAND "run distro_bootcmd;run qspi_bootcmd"
> +#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot"   
> \
> +"&& esbc_halt; run qspi_bootcmd;"
>   #else
> -#define CONFIG_BOOTCOMMAND "run distro_bootcmd;run nor_bootcmd"
> +#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot"   
> \
> +"&& esbc_halt; run nor_bootcmd;"
>   #endif
>   
>   #define CONFIG_BOOTARGS "console=ttyS0,115200 
> root

Re: [U-Boot] [PATCH] arm64: ls1043ardb: Add distro secure boot support

2017-08-07 Thread York Sun
On 06/04/2017 11:54 PM, Sumit Garg wrote:
> Enable validation of boot.scr script prior to its execution dependent
> on "secureboot" flag in environment. Disable fall back option to
> nor/qspi boot in case of secure boot. Also enable "secureboot=y"
> flag in environment for ARM based platforms instead of bootcmd.
> 
> Signed-off-by: Sumit Garg 
> Tested-by: Vinitha Pillai 
> ---

Applied to fsl-qoriq master. Thanks.

York

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot


Re: [U-Boot] [PATCH] arm64: ls1043ardb: Add distro secure boot support

2017-06-18 Thread Sumit Garg
> -Original Message-
> From: York Sun
> Sent: Wednesday, June 14, 2017 2:13 AM
> To: Sumit Garg ; u-boot@lists.denx.de
> Cc: Ruchika Gupta ; Prabhakar Kushwaha
> ; Mingkai Hu ;
> Shengzhou Liu 
> Subject: Re: [PATCH] arm64: ls1043ardb: Add distro secure boot support
> 
> On 06/04/2017 11:54 PM, Sumit Garg wrote:
> > Enable validation of boot.scr script prior to its execution dependent
> > on "secureboot" flag in environment. Disable fall back option to
> > nor/qspi boot in case of secure boot. Also enable "secureboot=y"
> > flag in environment for ARM based platforms instead of bootcmd.
> >
> > Signed-off-by: Sumit Garg 
> > Tested-by: Vinitha Pillai 
> > ---
> 
> Can you add the steps to board README or a general README file to describe
> the steps to make distro boot on these boards? I don't think it is common
> knowledge yet. Last time when I tried on LS2080ARDB, it took me quite some
> effort to sort it out.
> 
> York
 
As per my understanding DISTRO boot is common feature in u-boot and we have
enabled it on our boards. Please refer to "doc/README.distro".

Sumit
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot


Re: [U-Boot] [PATCH] arm64: ls1043ardb: Add distro secure boot support

2017-06-13 Thread York Sun
On 06/04/2017 11:54 PM, Sumit Garg wrote:
> Enable validation of boot.scr script prior to its execution dependent
> on "secureboot" flag in environment. Disable fall back option to
> nor/qspi boot in case of secure boot. Also enable "secureboot=y"
> flag in environment for ARM based platforms instead of bootcmd.
> 
> Signed-off-by: Sumit Garg 
> Tested-by: Vinitha Pillai 
> ---

Can you add the steps to board README or a general README file to 
describe the steps to make distro boot on these boards? I don't think it 
is common knowledge yet. Last time when I tried on LS2080ARDB, it took 
me quite some effort to sort it out.

York
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot


Re: [U-Boot] [PATCH] arm64: ls1043ardb: Add distro secure boot support

2017-06-05 Thread Sumit Garg
> -Original Message-
> From: Sumit Garg [mailto:sumit.g...@nxp.com]
> Sent: Monday, June 05, 2017 11:52 PM
> To: u-boot@lists.denx.de
> Cc: york sun ; Ruchika Gupta ;
> Prabhakar Kushwaha ; Mingkai Hu
> ; Shengzhou Liu ; Sumit
> Garg 
> Subject: [PATCH] arm64: ls1043ardb: Add distro secure boot support
> 
> Enable validation of boot.scr script prior to its execution dependent on
> "secureboot" flag in environment. Disable fall back option to nor/qspi boot in
> case of secure boot. Also enable "secureboot=y"
> flag in environment for ARM based platforms instead of bootcmd.
> 
> Signed-off-by: Sumit Garg 
> Tested-by: Vinitha Pillai 
> ---

Forgot to add dependency on https://patchwork.ozlabs.org/patch/767352/ patch. 

-Sumit

>  board/freescale/common/fsl_chain_of_trust.c |  6 ++
>  configs/ls1043ardb_SECURE_BOOT_defconfig|  1 +
>  configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig |  1 +
>  include/configs/ls1043a_common.h| 23 +--
>  4 files changed, 29 insertions(+), 2 deletions(-)
> 
> diff --git a/board/freescale/common/fsl_chain_of_trust.c
> b/board/freescale/common/fsl_chain_of_trust.c
> index 438e781..609e2b2 100644
> --- a/board/freescale/common/fsl_chain_of_trust.c
> +++ b/board/freescale/common/fsl_chain_of_trust.c
> @@ -80,7 +80,13 @@ int fsl_setenv_chain_of_trust(void)
>* bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot
> script)
>*/
>   setenv("bootdelay", "0");
> +
> +#ifdef CONFIG_ARM
> + setenv("secureboot", "y");
> +#else
>   setenv("bootcmd", CONFIG_CHAIN_BOOT_CMD);
> +#endif
> +
>   return 0;
>  }
>  #endif
> diff --git a/configs/ls1043ardb_SECURE_BOOT_defconfig
> b/configs/ls1043ardb_SECURE_BOOT_defconfig
> index 861d49b..3f535cc 100644
> --- a/configs/ls1043ardb_SECURE_BOOT_defconfig
> +++ b/configs/ls1043ardb_SECURE_BOOT_defconfig
> @@ -40,3 +40,4 @@ CONFIG_USB_STORAGE=y
>  CONFIG_RSA=y
>  CONFIG_SPL_RSA=y
>  CONFIG_RSA_SOFTWARE_EXP=y
> +CONFIG_DISTRO_DEFAULTS=y
> diff --git a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> index 5f9b21d..2d57e79 100644
> --- a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> +++ b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> @@ -56,3 +56,4 @@ CONFIG_RSA=y
>  CONFIG_SPL_RSA=y
>  CONFIG_SPL_CRYPTO_SUPPORT=y
>  CONFIG_SPL_HASH_SUPPORT=y
> +CONFIG_DISTRO_DEFAULTS=y
> diff --git a/include/configs/ls1043a_common.h
> b/include/configs/ls1043a_common.h
> index e8a756f..6e30427 100644
> --- a/include/configs/ls1043a_common.h
> +++ b/include/configs/ls1043a_common.h
> @@ -282,6 +282,7 @@
>   "fdt_addr=0x64f0\0"  \
>   "kernel_addr=0x6500\0"  \
>   "scriptaddr=0x8000\0"  \
> + "scripthdraddr=0x8008\0"\
>   "fdtheader_addr_r=0x8010\0" \
>   "kernelheader_addr_r=0x8020\0"  \
>   "kernel_addr_r=0x8100\0"\
> @@ -292,6 +293,7 @@
>   "mtdparts=" MTDPARTS_DEFAULT "\0"   \
>   BOOTENV \
>   "boot_scripts=ls1043ardb_boot.scr\0"\
> + "boot_script_hdr=hdr_ls1043ardb_bs.out\0"   \
>   "scan_dev_for_boot_part="  \
>"part list ${devtype} ${devnum} devplist; "   \
>"env exists devplist || setenv devplist 1; "  \ @@ -302,6 +304,21 
> @@
> "run scan_dev_for_boot; " \
> "fi; "   \
> "done\0"\
> + "scan_dev_for_boot="  \
> + "echo Scanning ${devtype} "   \
> + "${devnum}:${distro_bootpart}...; "  \
> + "for prefix in ${boot_prefixes}; do " \
> + "run scan_dev_for_scripts; "  \
> + "done;"   \
> + "\0"  \
> + "boot_a_script="  \
> + "load ${devtype} ${devnum}:${distro_bootpart} "  \
> + "${scriptaddr} ${prefix}${script}; "\
> + "env exists secureboot && load ${devtype} " \
> + "${devnum}:${distro_bootpart} " \
> + "${scripthdraddr} ${prefix}${boot_script_hdr} " \
> + "&& esbc_validate ${scripthdraddr};"\
> + "source ${scriptaddr}\0"  \
>   "installer=load mmc 0:2 $load_addr "  \
>  "/flex_installer_arm64.itb; "  \
>  "bootm $load_addr#ls1043ardb\0"\
> @@ -315,9 +332,11 @@
> 
>  #undef CONFIG_BOOTCOMMAND
>  #if defined(CONFIG_QSPI_BOOT) || defined(CONFIG_SD_BOOT_QSPI) -
> #define CONFIG_BOOTCOMMAND "run distro_bootcmd;run qspi_bootcmd"
> +#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists
> secureboot"   \
> +"&& esbc_

[U-Boot] [PATCH] arm64: ls1043ardb: Add distro secure boot support

2017-06-04 Thread Sumit Garg
Enable validation of boot.scr script prior to its execution dependent
on "secureboot" flag in environment. Disable fall back option to
nor/qspi boot in case of secure boot. Also enable "secureboot=y"
flag in environment for ARM based platforms instead of bootcmd.

Signed-off-by: Sumit Garg 
Tested-by: Vinitha Pillai 
---
 board/freescale/common/fsl_chain_of_trust.c |  6 ++
 configs/ls1043ardb_SECURE_BOOT_defconfig|  1 +
 configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig |  1 +
 include/configs/ls1043a_common.h| 23 +--
 4 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/board/freescale/common/fsl_chain_of_trust.c 
b/board/freescale/common/fsl_chain_of_trust.c
index 438e781..609e2b2 100644
--- a/board/freescale/common/fsl_chain_of_trust.c
+++ b/board/freescale/common/fsl_chain_of_trust.c
@@ -80,7 +80,13 @@ int fsl_setenv_chain_of_trust(void)
 * bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script)
 */
setenv("bootdelay", "0");
+
+#ifdef CONFIG_ARM
+   setenv("secureboot", "y");
+#else
setenv("bootcmd", CONFIG_CHAIN_BOOT_CMD);
+#endif
+
return 0;
 }
 #endif
diff --git a/configs/ls1043ardb_SECURE_BOOT_defconfig 
b/configs/ls1043ardb_SECURE_BOOT_defconfig
index 861d49b..3f535cc 100644
--- a/configs/ls1043ardb_SECURE_BOOT_defconfig
+++ b/configs/ls1043ardb_SECURE_BOOT_defconfig
@@ -40,3 +40,4 @@ CONFIG_USB_STORAGE=y
 CONFIG_RSA=y
 CONFIG_SPL_RSA=y
 CONFIG_RSA_SOFTWARE_EXP=y
+CONFIG_DISTRO_DEFAULTS=y
diff --git a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig 
b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
index 5f9b21d..2d57e79 100644
--- a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
+++ b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
@@ -56,3 +56,4 @@ CONFIG_RSA=y
 CONFIG_SPL_RSA=y
 CONFIG_SPL_CRYPTO_SUPPORT=y
 CONFIG_SPL_HASH_SUPPORT=y
+CONFIG_DISTRO_DEFAULTS=y
diff --git a/include/configs/ls1043a_common.h b/include/configs/ls1043a_common.h
index e8a756f..6e30427 100644
--- a/include/configs/ls1043a_common.h
+++ b/include/configs/ls1043a_common.h
@@ -282,6 +282,7 @@
"fdt_addr=0x64f0\0"  \
"kernel_addr=0x6500\0"  \
"scriptaddr=0x8000\0"  \
+   "scripthdraddr=0x8008\0"\
"fdtheader_addr_r=0x8010\0" \
"kernelheader_addr_r=0x8020\0"  \
"kernel_addr_r=0x8100\0"\
@@ -292,6 +293,7 @@
"mtdparts=" MTDPARTS_DEFAULT "\0"   \
BOOTENV \
"boot_scripts=ls1043ardb_boot.scr\0"\
+   "boot_script_hdr=hdr_ls1043ardb_bs.out\0"   \
"scan_dev_for_boot_part="  \
 "part list ${devtype} ${devnum} devplist; "   \
 "env exists devplist || setenv devplist 1; "  \
@@ -302,6 +304,21 @@
  "run scan_dev_for_boot; " \
  "fi; "   \
  "done\0"\
+   "scan_dev_for_boot="  \
+   "echo Scanning ${devtype} "   \
+   "${devnum}:${distro_bootpart}...; "  \
+   "for prefix in ${boot_prefixes}; do " \
+   "run scan_dev_for_scripts; "  \
+   "done;"   \
+   "\0"  \
+   "boot_a_script="  \
+   "load ${devtype} ${devnum}:${distro_bootpart} "  \
+   "${scriptaddr} ${prefix}${script}; "\
+   "env exists secureboot && load ${devtype} " \
+   "${devnum}:${distro_bootpart} " \
+   "${scripthdraddr} ${prefix}${boot_script_hdr} " \
+   "&& esbc_validate ${scripthdraddr};"\
+   "source ${scriptaddr}\0"  \
"installer=load mmc 0:2 $load_addr "  \
   "/flex_installer_arm64.itb; "  \
   "bootm $load_addr#ls1043ardb\0"\
@@ -315,9 +332,11 @@
 
 #undef CONFIG_BOOTCOMMAND
 #if defined(CONFIG_QSPI_BOOT) || defined(CONFIG_SD_BOOT_QSPI)
-#define CONFIG_BOOTCOMMAND "run distro_bootcmd;run qspi_bootcmd"
+#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" \
+  "&& esbc_halt; run qspi_bootcmd;"
 #else
-#define CONFIG_BOOTCOMMAND "run distro_bootcmd;run nor_bootcmd"
+#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" \
+  "&& esbc_halt; run nor_bootcmd;"
 #endif
 
 #define CONFIG_BOOTARGS"console=ttyS0,115200 
root=/dev/ram0 " \
-- 
1.9.1

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot