Re: [U-Boot] [PATCH] arm64: ls1043ardb: Add distro secure boot support
> -Original Message-
> From: York Sun
> Sent: Friday, September 01, 2017 4:38 AM
> To: Sumit Garg ; u-boot@lists.denx.de
> Cc: Ruchika Gupta ; Prabhakar Kushwaha
> ; Mingkai Hu ;
> Shengzhou Liu
> Subject: Re: [PATCH] arm64: ls1043ardb: Add distro secure boot support
>
> On 06/04/2017 11:54 PM, Sumit Garg wrote:
> > Enable validation of boot.scr script prior to its execution dependent
> > on "secureboot" flag in environment. Disable fall back option to
> > nor/qspi boot in case of secure boot. Also enable "secureboot=y"
> > flag in environment for ARM based platforms instead of bootcmd.
> >
> > Signed-off-by: Sumit Garg
> > Tested-by: Vinitha Pillai
> > ---
> > board/freescale/common/fsl_chain_of_trust.c | 6 ++
> > configs/ls1043ardb_SECURE_BOOT_defconfig| 1 +
> > configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig | 1 +
> > include/configs/ls1043a_common.h| 23
> > +-
> -
> > 4 files changed, 29 insertions(+), 2 deletions(-)
> >
> > diff --git a/board/freescale/common/fsl_chain_of_trust.c
> > b/board/freescale/common/fsl_chain_of_trust.c
> > index 438e781..609e2b2 100644
> > --- a/board/freescale/common/fsl_chain_of_trust.c
> > +++ b/board/freescale/common/fsl_chain_of_trust.c
> > @@ -80,7 +80,13 @@ int fsl_setenv_chain_of_trust(void)
> > * bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot
> script)
> > */
> > setenv("bootdelay", "0");
> > +
> > +#ifdef CONFIG_ARM
> > + setenv("secureboot", "y");
> > +#else
> > setenv("bootcmd", CONFIG_CHAIN_BOOT_CMD);
> > +#endif
> > +
> > return 0;
> > }
> > #endif
> > diff --git a/configs/ls1043ardb_SECURE_BOOT_defconfig
> > b/configs/ls1043ardb_SECURE_BOOT_defconfig
> > index 861d49b..3f535cc 100644
> > --- a/configs/ls1043ardb_SECURE_BOOT_defconfig
> > +++ b/configs/ls1043ardb_SECURE_BOOT_defconfig
> > @@ -40,3 +40,4 @@ CONFIG_USB_STORAGE=y
> > CONFIG_RSA=y
> > CONFIG_SPL_RSA=y
> > CONFIG_RSA_SOFTWARE_EXP=y
> > +CONFIG_DISTRO_DEFAULTS=y
> > diff --git a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> > b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> > index 5f9b21d..2d57e79 100644
> > --- a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> > +++ b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> > @@ -56,3 +56,4 @@ CONFIG_RSA=y
> > CONFIG_SPL_RSA=y
> > CONFIG_SPL_CRYPTO_SUPPORT=y
> > CONFIG_SPL_HASH_SUPPORT=y
> > +CONFIG_DISTRO_DEFAULTS=y
> > diff --git a/include/configs/ls1043a_common.h
> > b/include/configs/ls1043a_common.h
> > index e8a756f..6e30427 100644
> > --- a/include/configs/ls1043a_common.h
> > +++ b/include/configs/ls1043a_common.h
> > @@ -282,6 +282,7 @@
> > "fdt_addr=0x64f0\0" \
> > "kernel_addr=0x6500\0" \
> > "scriptaddr=0x8000\0" \
> > + "scripthdraddr=0x8008\0"\
> > "fdtheader_addr_r=0x8010\0" \
> > "kernelheader_addr_r=0x8020\0" \
> > "kernel_addr_r=0x8100\0"\
> > @@ -292,6 +293,7 @@
> > "mtdparts=" MTDPARTS_DEFAULT "\0" \
> > BOOTENV \
> > "boot_scripts=ls1043ardb_boot.scr\0"\
> > + "boot_script_hdr=hdr_ls1043ardb_bs.out\0" \
> > "scan_dev_for_boot_part=" \
> > "part list ${devtype} ${devnum} devplist; " \
> > "env exists devplist || setenv devplist 1; " \ @@ -302,6
> > +304,21 @@
> > "run scan_dev_for_boot; " \
> > "fi; " \
> > "done\0"\
> > + "scan_dev_for_boot=" \
> > + "echo Scanning ${devtype} " \
> > + "${devnum}:${distro_bootpart}...; " \
> > + "for prefix in ${boot_prefixes}; do " \
> > + "run scan_dev_for_scripts; " \
> > + "done;" \
> > + "\0" \
> > + "boot_a_script=" \
> > + "load ${devtype} ${devnum}:${distro_bootpart} " \
> > + "${scriptaddr} ${prefix}${script}; "\
> > + "env exists secureboot && load ${devtype} " \
> > + "${devnum}:${distro_bootpart} " \
> > + "${scripthdraddr} ${prefix}${boot_script_hdr} " \
> > + "&& esbc_validate ${scripthdraddr};"\
> > + "source ${scriptaddr}\0" \
> > "installer=load mmc 0:2 $load_addr " \
> >"/flex_installer_arm64.itb; " \
> >"bootm $load_addr#ls1043ardb\0"\
> > @@ -315,9 +332,11 @@
> >
> > #undef CONFIG_BOOTCOMMAND
> > #if defined(CONFIG_QSPI_BOOT) || defined(CONFIG_SD_BOOT_QSPI)
> > -#define CONFIG_BOOTCOMMAND "run distro_bootcmd;run
> qspi_bootcmd"
> > +#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env
Re: [U-Boot] [PATCH] arm64: ls1043ardb: Add distro secure boot support
On 06/04/2017 11:54 PM, Sumit Garg wrote:
> Enable validation of boot.scr script prior to its execution dependent
> on "secureboot" flag in environment. Disable fall back option to
> nor/qspi boot in case of secure boot. Also enable "secureboot=y"
> flag in environment for ARM based platforms instead of bootcmd.
>
> Signed-off-by: Sumit Garg
> Tested-by: Vinitha Pillai
> ---
> board/freescale/common/fsl_chain_of_trust.c | 6 ++
> configs/ls1043ardb_SECURE_BOOT_defconfig| 1 +
> configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig | 1 +
> include/configs/ls1043a_common.h| 23 +--
> 4 files changed, 29 insertions(+), 2 deletions(-)
>
> diff --git a/board/freescale/common/fsl_chain_of_trust.c
> b/board/freescale/common/fsl_chain_of_trust.c
> index 438e781..609e2b2 100644
> --- a/board/freescale/common/fsl_chain_of_trust.c
> +++ b/board/freescale/common/fsl_chain_of_trust.c
> @@ -80,7 +80,13 @@ int fsl_setenv_chain_of_trust(void)
>* bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script)
>*/
> setenv("bootdelay", "0");
> +
> +#ifdef CONFIG_ARM
> + setenv("secureboot", "y");
> +#else
> setenv("bootcmd", CONFIG_CHAIN_BOOT_CMD);
> +#endif
> +
> return 0;
> }
> #endif
> diff --git a/configs/ls1043ardb_SECURE_BOOT_defconfig
> b/configs/ls1043ardb_SECURE_BOOT_defconfig
> index 861d49b..3f535cc 100644
> --- a/configs/ls1043ardb_SECURE_BOOT_defconfig
> +++ b/configs/ls1043ardb_SECURE_BOOT_defconfig
> @@ -40,3 +40,4 @@ CONFIG_USB_STORAGE=y
> CONFIG_RSA=y
> CONFIG_SPL_RSA=y
> CONFIG_RSA_SOFTWARE_EXP=y
> +CONFIG_DISTRO_DEFAULTS=y
> diff --git a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> index 5f9b21d..2d57e79 100644
> --- a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> +++ b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> @@ -56,3 +56,4 @@ CONFIG_RSA=y
> CONFIG_SPL_RSA=y
> CONFIG_SPL_CRYPTO_SUPPORT=y
> CONFIG_SPL_HASH_SUPPORT=y
> +CONFIG_DISTRO_DEFAULTS=y
> diff --git a/include/configs/ls1043a_common.h
> b/include/configs/ls1043a_common.h
> index e8a756f..6e30427 100644
> --- a/include/configs/ls1043a_common.h
> +++ b/include/configs/ls1043a_common.h
> @@ -282,6 +282,7 @@
> "fdt_addr=0x64f0\0" \
> "kernel_addr=0x6500\0" \
> "scriptaddr=0x8000\0" \
> + "scripthdraddr=0x8008\0"\
> "fdtheader_addr_r=0x8010\0" \
> "kernelheader_addr_r=0x8020\0" \
> "kernel_addr_r=0x8100\0"\
> @@ -292,6 +293,7 @@
> "mtdparts=" MTDPARTS_DEFAULT "\0" \
> BOOTENV \
> "boot_scripts=ls1043ardb_boot.scr\0"\
> + "boot_script_hdr=hdr_ls1043ardb_bs.out\0" \
> "scan_dev_for_boot_part=" \
>"part list ${devtype} ${devnum} devplist; " \
>"env exists devplist || setenv devplist 1; " \
> @@ -302,6 +304,21 @@
> "run scan_dev_for_boot; " \
> "fi; " \
> "done\0"\
> + "scan_dev_for_boot=" \
> + "echo Scanning ${devtype} " \
> + "${devnum}:${distro_bootpart}...; " \
> + "for prefix in ${boot_prefixes}; do " \
> + "run scan_dev_for_scripts; " \
> + "done;" \
> + "\0" \
> + "boot_a_script=" \
> + "load ${devtype} ${devnum}:${distro_bootpart} " \
> + "${scriptaddr} ${prefix}${script}; "\
> + "env exists secureboot && load ${devtype} " \
> + "${devnum}:${distro_bootpart} " \
> + "${scripthdraddr} ${prefix}${boot_script_hdr} " \
> + "&& esbc_validate ${scripthdraddr};"\
> + "source ${scriptaddr}\0" \
> "installer=load mmc 0:2 $load_addr " \
> "/flex_installer_arm64.itb; " \
> "bootm $load_addr#ls1043ardb\0"\
> @@ -315,9 +332,11 @@
>
> #undef CONFIG_BOOTCOMMAND
> #if defined(CONFIG_QSPI_BOOT) || defined(CONFIG_SD_BOOT_QSPI)
> -#define CONFIG_BOOTCOMMAND "run distro_bootcmd;run qspi_bootcmd"
> +#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot"
> \
> +"&& esbc_halt; run qspi_bootcmd;"
> #else
> -#define CONFIG_BOOTCOMMAND "run distro_bootcmd;run nor_bootcmd"
> +#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot"
> \
> +"&& esbc_halt; run nor_bootcmd;"
> #endif
>
> #define CONFIG_BOOTARGS "console=ttyS0,115200
> root
Re: [U-Boot] [PATCH] arm64: ls1043ardb: Add distro secure boot support
On 06/04/2017 11:54 PM, Sumit Garg wrote: > Enable validation of boot.scr script prior to its execution dependent > on "secureboot" flag in environment. Disable fall back option to > nor/qspi boot in case of secure boot. Also enable "secureboot=y" > flag in environment for ARM based platforms instead of bootcmd. > > Signed-off-by: Sumit Garg > Tested-by: Vinitha Pillai > --- Applied to fsl-qoriq master. Thanks. York ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH] arm64: ls1043ardb: Add distro secure boot support
> -Original Message- > From: York Sun > Sent: Wednesday, June 14, 2017 2:13 AM > To: Sumit Garg ; u-boot@lists.denx.de > Cc: Ruchika Gupta ; Prabhakar Kushwaha > ; Mingkai Hu ; > Shengzhou Liu > Subject: Re: [PATCH] arm64: ls1043ardb: Add distro secure boot support > > On 06/04/2017 11:54 PM, Sumit Garg wrote: > > Enable validation of boot.scr script prior to its execution dependent > > on "secureboot" flag in environment. Disable fall back option to > > nor/qspi boot in case of secure boot. Also enable "secureboot=y" > > flag in environment for ARM based platforms instead of bootcmd. > > > > Signed-off-by: Sumit Garg > > Tested-by: Vinitha Pillai > > --- > > Can you add the steps to board README or a general README file to describe > the steps to make distro boot on these boards? I don't think it is common > knowledge yet. Last time when I tried on LS2080ARDB, it took me quite some > effort to sort it out. > > York As per my understanding DISTRO boot is common feature in u-boot and we have enabled it on our boards. Please refer to "doc/README.distro". Sumit ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH] arm64: ls1043ardb: Add distro secure boot support
On 06/04/2017 11:54 PM, Sumit Garg wrote: > Enable validation of boot.scr script prior to its execution dependent > on "secureboot" flag in environment. Disable fall back option to > nor/qspi boot in case of secure boot. Also enable "secureboot=y" > flag in environment for ARM based platforms instead of bootcmd. > > Signed-off-by: Sumit Garg > Tested-by: Vinitha Pillai > --- Can you add the steps to board README or a general README file to describe the steps to make distro boot on these boards? I don't think it is common knowledge yet. Last time when I tried on LS2080ARDB, it took me quite some effort to sort it out. York ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH] arm64: ls1043ardb: Add distro secure boot support
> -Original Message-
> From: Sumit Garg [mailto:sumit.g...@nxp.com]
> Sent: Monday, June 05, 2017 11:52 PM
> To: u-boot@lists.denx.de
> Cc: york sun ; Ruchika Gupta ;
> Prabhakar Kushwaha ; Mingkai Hu
> ; Shengzhou Liu ; Sumit
> Garg
> Subject: [PATCH] arm64: ls1043ardb: Add distro secure boot support
>
> Enable validation of boot.scr script prior to its execution dependent on
> "secureboot" flag in environment. Disable fall back option to nor/qspi boot in
> case of secure boot. Also enable "secureboot=y"
> flag in environment for ARM based platforms instead of bootcmd.
>
> Signed-off-by: Sumit Garg
> Tested-by: Vinitha Pillai
> ---
Forgot to add dependency on https://patchwork.ozlabs.org/patch/767352/ patch.
-Sumit
> board/freescale/common/fsl_chain_of_trust.c | 6 ++
> configs/ls1043ardb_SECURE_BOOT_defconfig| 1 +
> configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig | 1 +
> include/configs/ls1043a_common.h| 23 +--
> 4 files changed, 29 insertions(+), 2 deletions(-)
>
> diff --git a/board/freescale/common/fsl_chain_of_trust.c
> b/board/freescale/common/fsl_chain_of_trust.c
> index 438e781..609e2b2 100644
> --- a/board/freescale/common/fsl_chain_of_trust.c
> +++ b/board/freescale/common/fsl_chain_of_trust.c
> @@ -80,7 +80,13 @@ int fsl_setenv_chain_of_trust(void)
>* bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot
> script)
>*/
> setenv("bootdelay", "0");
> +
> +#ifdef CONFIG_ARM
> + setenv("secureboot", "y");
> +#else
> setenv("bootcmd", CONFIG_CHAIN_BOOT_CMD);
> +#endif
> +
> return 0;
> }
> #endif
> diff --git a/configs/ls1043ardb_SECURE_BOOT_defconfig
> b/configs/ls1043ardb_SECURE_BOOT_defconfig
> index 861d49b..3f535cc 100644
> --- a/configs/ls1043ardb_SECURE_BOOT_defconfig
> +++ b/configs/ls1043ardb_SECURE_BOOT_defconfig
> @@ -40,3 +40,4 @@ CONFIG_USB_STORAGE=y
> CONFIG_RSA=y
> CONFIG_SPL_RSA=y
> CONFIG_RSA_SOFTWARE_EXP=y
> +CONFIG_DISTRO_DEFAULTS=y
> diff --git a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> index 5f9b21d..2d57e79 100644
> --- a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> +++ b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> @@ -56,3 +56,4 @@ CONFIG_RSA=y
> CONFIG_SPL_RSA=y
> CONFIG_SPL_CRYPTO_SUPPORT=y
> CONFIG_SPL_HASH_SUPPORT=y
> +CONFIG_DISTRO_DEFAULTS=y
> diff --git a/include/configs/ls1043a_common.h
> b/include/configs/ls1043a_common.h
> index e8a756f..6e30427 100644
> --- a/include/configs/ls1043a_common.h
> +++ b/include/configs/ls1043a_common.h
> @@ -282,6 +282,7 @@
> "fdt_addr=0x64f0\0" \
> "kernel_addr=0x6500\0" \
> "scriptaddr=0x8000\0" \
> + "scripthdraddr=0x8008\0"\
> "fdtheader_addr_r=0x8010\0" \
> "kernelheader_addr_r=0x8020\0" \
> "kernel_addr_r=0x8100\0"\
> @@ -292,6 +293,7 @@
> "mtdparts=" MTDPARTS_DEFAULT "\0" \
> BOOTENV \
> "boot_scripts=ls1043ardb_boot.scr\0"\
> + "boot_script_hdr=hdr_ls1043ardb_bs.out\0" \
> "scan_dev_for_boot_part=" \
>"part list ${devtype} ${devnum} devplist; " \
>"env exists devplist || setenv devplist 1; " \ @@ -302,6 +304,21
> @@
> "run scan_dev_for_boot; " \
> "fi; " \
> "done\0"\
> + "scan_dev_for_boot=" \
> + "echo Scanning ${devtype} " \
> + "${devnum}:${distro_bootpart}...; " \
> + "for prefix in ${boot_prefixes}; do " \
> + "run scan_dev_for_scripts; " \
> + "done;" \
> + "\0" \
> + "boot_a_script=" \
> + "load ${devtype} ${devnum}:${distro_bootpart} " \
> + "${scriptaddr} ${prefix}${script}; "\
> + "env exists secureboot && load ${devtype} " \
> + "${devnum}:${distro_bootpart} " \
> + "${scripthdraddr} ${prefix}${boot_script_hdr} " \
> + "&& esbc_validate ${scripthdraddr};"\
> + "source ${scriptaddr}\0" \
> "installer=load mmc 0:2 $load_addr " \
> "/flex_installer_arm64.itb; " \
> "bootm $load_addr#ls1043ardb\0"\
> @@ -315,9 +332,11 @@
>
> #undef CONFIG_BOOTCOMMAND
> #if defined(CONFIG_QSPI_BOOT) || defined(CONFIG_SD_BOOT_QSPI) -
> #define CONFIG_BOOTCOMMAND "run distro_bootcmd;run qspi_bootcmd"
> +#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists
> secureboot" \
> +"&& esbc_
[U-Boot] [PATCH] arm64: ls1043ardb: Add distro secure boot support
Enable validation of boot.scr script prior to its execution dependent
on "secureboot" flag in environment. Disable fall back option to
nor/qspi boot in case of secure boot. Also enable "secureboot=y"
flag in environment for ARM based platforms instead of bootcmd.
Signed-off-by: Sumit Garg
Tested-by: Vinitha Pillai
---
board/freescale/common/fsl_chain_of_trust.c | 6 ++
configs/ls1043ardb_SECURE_BOOT_defconfig| 1 +
configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig | 1 +
include/configs/ls1043a_common.h| 23 +--
4 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/board/freescale/common/fsl_chain_of_trust.c
b/board/freescale/common/fsl_chain_of_trust.c
index 438e781..609e2b2 100644
--- a/board/freescale/common/fsl_chain_of_trust.c
+++ b/board/freescale/common/fsl_chain_of_trust.c
@@ -80,7 +80,13 @@ int fsl_setenv_chain_of_trust(void)
* bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script)
*/
setenv("bootdelay", "0");
+
+#ifdef CONFIG_ARM
+ setenv("secureboot", "y");
+#else
setenv("bootcmd", CONFIG_CHAIN_BOOT_CMD);
+#endif
+
return 0;
}
#endif
diff --git a/configs/ls1043ardb_SECURE_BOOT_defconfig
b/configs/ls1043ardb_SECURE_BOOT_defconfig
index 861d49b..3f535cc 100644
--- a/configs/ls1043ardb_SECURE_BOOT_defconfig
+++ b/configs/ls1043ardb_SECURE_BOOT_defconfig
@@ -40,3 +40,4 @@ CONFIG_USB_STORAGE=y
CONFIG_RSA=y
CONFIG_SPL_RSA=y
CONFIG_RSA_SOFTWARE_EXP=y
+CONFIG_DISTRO_DEFAULTS=y
diff --git a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
index 5f9b21d..2d57e79 100644
--- a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
+++ b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
@@ -56,3 +56,4 @@ CONFIG_RSA=y
CONFIG_SPL_RSA=y
CONFIG_SPL_CRYPTO_SUPPORT=y
CONFIG_SPL_HASH_SUPPORT=y
+CONFIG_DISTRO_DEFAULTS=y
diff --git a/include/configs/ls1043a_common.h b/include/configs/ls1043a_common.h
index e8a756f..6e30427 100644
--- a/include/configs/ls1043a_common.h
+++ b/include/configs/ls1043a_common.h
@@ -282,6 +282,7 @@
"fdt_addr=0x64f0\0" \
"kernel_addr=0x6500\0" \
"scriptaddr=0x8000\0" \
+ "scripthdraddr=0x8008\0"\
"fdtheader_addr_r=0x8010\0" \
"kernelheader_addr_r=0x8020\0" \
"kernel_addr_r=0x8100\0"\
@@ -292,6 +293,7 @@
"mtdparts=" MTDPARTS_DEFAULT "\0" \
BOOTENV \
"boot_scripts=ls1043ardb_boot.scr\0"\
+ "boot_script_hdr=hdr_ls1043ardb_bs.out\0" \
"scan_dev_for_boot_part=" \
"part list ${devtype} ${devnum} devplist; " \
"env exists devplist || setenv devplist 1; " \
@@ -302,6 +304,21 @@
"run scan_dev_for_boot; " \
"fi; " \
"done\0"\
+ "scan_dev_for_boot=" \
+ "echo Scanning ${devtype} " \
+ "${devnum}:${distro_bootpart}...; " \
+ "for prefix in ${boot_prefixes}; do " \
+ "run scan_dev_for_scripts; " \
+ "done;" \
+ "\0" \
+ "boot_a_script=" \
+ "load ${devtype} ${devnum}:${distro_bootpart} " \
+ "${scriptaddr} ${prefix}${script}; "\
+ "env exists secureboot && load ${devtype} " \
+ "${devnum}:${distro_bootpart} " \
+ "${scripthdraddr} ${prefix}${boot_script_hdr} " \
+ "&& esbc_validate ${scripthdraddr};"\
+ "source ${scriptaddr}\0" \
"installer=load mmc 0:2 $load_addr " \
"/flex_installer_arm64.itb; " \
"bootm $load_addr#ls1043ardb\0"\
@@ -315,9 +332,11 @@
#undef CONFIG_BOOTCOMMAND
#if defined(CONFIG_QSPI_BOOT) || defined(CONFIG_SD_BOOT_QSPI)
-#define CONFIG_BOOTCOMMAND "run distro_bootcmd;run qspi_bootcmd"
+#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" \
+ "&& esbc_halt; run qspi_bootcmd;"
#else
-#define CONFIG_BOOTCOMMAND "run distro_bootcmd;run nor_bootcmd"
+#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" \
+ "&& esbc_halt; run nor_bootcmd;"
#endif
#define CONFIG_BOOTARGS"console=ttyS0,115200
root=/dev/ram0 " \
--
1.9.1
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
