Re: [U-Boot] [PATCH] arm64: ls1043ardb: Add distro secure boot support
> -Original Message- > From: York Sun > Sent: Friday, September 01, 2017 4:38 AM > To: Sumit Garg ; u-boot@lists.denx.de > Cc: Ruchika Gupta ; Prabhakar Kushwaha > ; Mingkai Hu ; > Shengzhou Liu > Subject: Re: [PATCH] arm64: ls1043ardb: Add distro secure boot support > > On 06/04/2017 11:54 PM, Sumit Garg wrote: > > Enable validation of boot.scr script prior to its execution dependent > > on "secureboot" flag in environment. Disable fall back option to > > nor/qspi boot in case of secure boot. Also enable "secureboot=y" > > flag in environment for ARM based platforms instead of bootcmd. > > > > Signed-off-by: Sumit Garg > > Tested-by: Vinitha Pillai > > --- > > board/freescale/common/fsl_chain_of_trust.c | 6 ++ > > configs/ls1043ardb_SECURE_BOOT_defconfig| 1 + > > configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig | 1 + > > include/configs/ls1043a_common.h| 23 > > +- > - > > 4 files changed, 29 insertions(+), 2 deletions(-) > > > > diff --git a/board/freescale/common/fsl_chain_of_trust.c > > b/board/freescale/common/fsl_chain_of_trust.c > > index 438e781..609e2b2 100644 > > --- a/board/freescale/common/fsl_chain_of_trust.c > > +++ b/board/freescale/common/fsl_chain_of_trust.c > > @@ -80,7 +80,13 @@ int fsl_setenv_chain_of_trust(void) > > * bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot > script) > > */ > > setenv("bootdelay", "0"); > > + > > +#ifdef CONFIG_ARM > > + setenv("secureboot", "y"); > > +#else > > setenv("bootcmd", CONFIG_CHAIN_BOOT_CMD); > > +#endif > > + > > return 0; > > } > > #endif > > diff --git a/configs/ls1043ardb_SECURE_BOOT_defconfig > > b/configs/ls1043ardb_SECURE_BOOT_defconfig > > index 861d49b..3f535cc 100644 > > --- a/configs/ls1043ardb_SECURE_BOOT_defconfig > > +++ b/configs/ls1043ardb_SECURE_BOOT_defconfig > > @@ -40,3 +40,4 @@ CONFIG_USB_STORAGE=y > > CONFIG_RSA=y > > CONFIG_SPL_RSA=y > > CONFIG_RSA_SOFTWARE_EXP=y > > +CONFIG_DISTRO_DEFAULTS=y > > diff --git a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig > > b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig > > index 5f9b21d..2d57e79 100644 > > --- a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig > > +++ b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig > > @@ -56,3 +56,4 @@ CONFIG_RSA=y > > CONFIG_SPL_RSA=y > > CONFIG_SPL_CRYPTO_SUPPORT=y > > CONFIG_SPL_HASH_SUPPORT=y > > +CONFIG_DISTRO_DEFAULTS=y > > diff --git a/include/configs/ls1043a_common.h > > b/include/configs/ls1043a_common.h > > index e8a756f..6e30427 100644 > > --- a/include/configs/ls1043a_common.h > > +++ b/include/configs/ls1043a_common.h > > @@ -282,6 +282,7 @@ > > "fdt_addr=0x64f0\0" \ > > "kernel_addr=0x6500\0" \ > > "scriptaddr=0x8000\0" \ > > + "scripthdraddr=0x8008\0"\ > > "fdtheader_addr_r=0x8010\0" \ > > "kernelheader_addr_r=0x8020\0" \ > > "kernel_addr_r=0x8100\0"\ > > @@ -292,6 +293,7 @@ > > "mtdparts=" MTDPARTS_DEFAULT "\0" \ > > BOOTENV \ > > "boot_scripts=ls1043ardb_boot.scr\0"\ > > + "boot_script_hdr=hdr_ls1043ardb_bs.out\0" \ > > "scan_dev_for_boot_part=" \ > > "part list ${devtype} ${devnum} devplist; " \ > > "env exists devplist || setenv devplist 1; " \ @@ -302,6 > > +304,21 @@ > > "run scan_dev_for_boot; " \ > > "fi; " \ > > "done\0"\ > > + "scan_dev_for_boot=" \ > > + "echo Scanning ${devtype} " \ > > + "${devnum}:${distro_bootpart}...; " \ > > + "for prefix in ${boot_prefixes}; do " \ > > + "run scan_dev_for_scripts; " \ > > + "done;" \ > > + "\0" \ > > + "boot_a_script=" \ > > + "load ${devtype} ${devnum}:${distro_bootpart} " \ > > + "${scriptaddr} ${prefix}${script}; "\ > > + "env exists secureboot && load ${devtype} " \ > > + "${devnum}:${distro_bootpart} " \ > > + "${scripthdraddr} ${prefix}${boot_script_hdr} " \ > > + "&& esbc_validate ${scripthdraddr};"\ > > + "source ${scriptaddr}\0" \ > > "installer=load mmc 0:2 $load_addr " \ > >"/flex_installer_arm64.itb; " \ > >"bootm $load_addr#ls1043ardb\0"\ > > @@ -315,9 +332,11 @@ > > > > #undef CONFIG_BOOTCOMMAND > > #if defined(CONFIG_QSPI_BOOT) || defined(CONFIG_SD_BOOT_QSPI) > > -#define CONFIG_BOOTCOMMAND "run distro_bootcmd;run > qspi_bootcmd" > > +#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env
Re: [U-Boot] [PATCH] arm64: ls1043ardb: Add distro secure boot support
On 06/04/2017 11:54 PM, Sumit Garg wrote: > Enable validation of boot.scr script prior to its execution dependent > on "secureboot" flag in environment. Disable fall back option to > nor/qspi boot in case of secure boot. Also enable "secureboot=y" > flag in environment for ARM based platforms instead of bootcmd. > > Signed-off-by: Sumit Garg > Tested-by: Vinitha Pillai > --- > board/freescale/common/fsl_chain_of_trust.c | 6 ++ > configs/ls1043ardb_SECURE_BOOT_defconfig| 1 + > configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig | 1 + > include/configs/ls1043a_common.h| 23 +-- > 4 files changed, 29 insertions(+), 2 deletions(-) > > diff --git a/board/freescale/common/fsl_chain_of_trust.c > b/board/freescale/common/fsl_chain_of_trust.c > index 438e781..609e2b2 100644 > --- a/board/freescale/common/fsl_chain_of_trust.c > +++ b/board/freescale/common/fsl_chain_of_trust.c > @@ -80,7 +80,13 @@ int fsl_setenv_chain_of_trust(void) >* bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script) >*/ > setenv("bootdelay", "0"); > + > +#ifdef CONFIG_ARM > + setenv("secureboot", "y"); > +#else > setenv("bootcmd", CONFIG_CHAIN_BOOT_CMD); > +#endif > + > return 0; > } > #endif > diff --git a/configs/ls1043ardb_SECURE_BOOT_defconfig > b/configs/ls1043ardb_SECURE_BOOT_defconfig > index 861d49b..3f535cc 100644 > --- a/configs/ls1043ardb_SECURE_BOOT_defconfig > +++ b/configs/ls1043ardb_SECURE_BOOT_defconfig > @@ -40,3 +40,4 @@ CONFIG_USB_STORAGE=y > CONFIG_RSA=y > CONFIG_SPL_RSA=y > CONFIG_RSA_SOFTWARE_EXP=y > +CONFIG_DISTRO_DEFAULTS=y > diff --git a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig > b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig > index 5f9b21d..2d57e79 100644 > --- a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig > +++ b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig > @@ -56,3 +56,4 @@ CONFIG_RSA=y > CONFIG_SPL_RSA=y > CONFIG_SPL_CRYPTO_SUPPORT=y > CONFIG_SPL_HASH_SUPPORT=y > +CONFIG_DISTRO_DEFAULTS=y > diff --git a/include/configs/ls1043a_common.h > b/include/configs/ls1043a_common.h > index e8a756f..6e30427 100644 > --- a/include/configs/ls1043a_common.h > +++ b/include/configs/ls1043a_common.h > @@ -282,6 +282,7 @@ > "fdt_addr=0x64f0\0" \ > "kernel_addr=0x6500\0" \ > "scriptaddr=0x8000\0" \ > + "scripthdraddr=0x8008\0"\ > "fdtheader_addr_r=0x8010\0" \ > "kernelheader_addr_r=0x8020\0" \ > "kernel_addr_r=0x8100\0"\ > @@ -292,6 +293,7 @@ > "mtdparts=" MTDPARTS_DEFAULT "\0" \ > BOOTENV \ > "boot_scripts=ls1043ardb_boot.scr\0"\ > + "boot_script_hdr=hdr_ls1043ardb_bs.out\0" \ > "scan_dev_for_boot_part=" \ >"part list ${devtype} ${devnum} devplist; " \ >"env exists devplist || setenv devplist 1; " \ > @@ -302,6 +304,21 @@ > "run scan_dev_for_boot; " \ > "fi; " \ > "done\0"\ > + "scan_dev_for_boot=" \ > + "echo Scanning ${devtype} " \ > + "${devnum}:${distro_bootpart}...; " \ > + "for prefix in ${boot_prefixes}; do " \ > + "run scan_dev_for_scripts; " \ > + "done;" \ > + "\0" \ > + "boot_a_script=" \ > + "load ${devtype} ${devnum}:${distro_bootpart} " \ > + "${scriptaddr} ${prefix}${script}; "\ > + "env exists secureboot && load ${devtype} " \ > + "${devnum}:${distro_bootpart} " \ > + "${scripthdraddr} ${prefix}${boot_script_hdr} " \ > + "&& esbc_validate ${scripthdraddr};"\ > + "source ${scriptaddr}\0" \ > "installer=load mmc 0:2 $load_addr " \ > "/flex_installer_arm64.itb; " \ > "bootm $load_addr#ls1043ardb\0"\ > @@ -315,9 +332,11 @@ > > #undef CONFIG_BOOTCOMMAND > #if defined(CONFIG_QSPI_BOOT) || defined(CONFIG_SD_BOOT_QSPI) > -#define CONFIG_BOOTCOMMAND "run distro_bootcmd;run qspi_bootcmd" > +#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" > \ > +"&& esbc_halt; run qspi_bootcmd;" > #else > -#define CONFIG_BOOTCOMMAND "run distro_bootcmd;run nor_bootcmd" > +#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" > \ > +"&& esbc_halt; run nor_bootcmd;" > #endif > > #define CONFIG_BOOTARGS "console=ttyS0,115200 > root
Re: [U-Boot] [PATCH] arm64: ls1043ardb: Add distro secure boot support
On 06/04/2017 11:54 PM, Sumit Garg wrote: > Enable validation of boot.scr script prior to its execution dependent > on "secureboot" flag in environment. Disable fall back option to > nor/qspi boot in case of secure boot. Also enable "secureboot=y" > flag in environment for ARM based platforms instead of bootcmd. > > Signed-off-by: Sumit Garg > Tested-by: Vinitha Pillai > --- Applied to fsl-qoriq master. Thanks. York ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH] arm64: ls1043ardb: Add distro secure boot support
> -Original Message- > From: York Sun > Sent: Wednesday, June 14, 2017 2:13 AM > To: Sumit Garg ; u-boot@lists.denx.de > Cc: Ruchika Gupta ; Prabhakar Kushwaha > ; Mingkai Hu ; > Shengzhou Liu > Subject: Re: [PATCH] arm64: ls1043ardb: Add distro secure boot support > > On 06/04/2017 11:54 PM, Sumit Garg wrote: > > Enable validation of boot.scr script prior to its execution dependent > > on "secureboot" flag in environment. Disable fall back option to > > nor/qspi boot in case of secure boot. Also enable "secureboot=y" > > flag in environment for ARM based platforms instead of bootcmd. > > > > Signed-off-by: Sumit Garg > > Tested-by: Vinitha Pillai > > --- > > Can you add the steps to board README or a general README file to describe > the steps to make distro boot on these boards? I don't think it is common > knowledge yet. Last time when I tried on LS2080ARDB, it took me quite some > effort to sort it out. > > York As per my understanding DISTRO boot is common feature in u-boot and we have enabled it on our boards. Please refer to "doc/README.distro". Sumit ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH] arm64: ls1043ardb: Add distro secure boot support
On 06/04/2017 11:54 PM, Sumit Garg wrote: > Enable validation of boot.scr script prior to its execution dependent > on "secureboot" flag in environment. Disable fall back option to > nor/qspi boot in case of secure boot. Also enable "secureboot=y" > flag in environment for ARM based platforms instead of bootcmd. > > Signed-off-by: Sumit Garg > Tested-by: Vinitha Pillai > --- Can you add the steps to board README or a general README file to describe the steps to make distro boot on these boards? I don't think it is common knowledge yet. Last time when I tried on LS2080ARDB, it took me quite some effort to sort it out. York ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH] arm64: ls1043ardb: Add distro secure boot support
> -Original Message- > From: Sumit Garg [mailto:sumit.g...@nxp.com] > Sent: Monday, June 05, 2017 11:52 PM > To: u-boot@lists.denx.de > Cc: york sun ; Ruchika Gupta ; > Prabhakar Kushwaha ; Mingkai Hu > ; Shengzhou Liu ; Sumit > Garg > Subject: [PATCH] arm64: ls1043ardb: Add distro secure boot support > > Enable validation of boot.scr script prior to its execution dependent on > "secureboot" flag in environment. Disable fall back option to nor/qspi boot in > case of secure boot. Also enable "secureboot=y" > flag in environment for ARM based platforms instead of bootcmd. > > Signed-off-by: Sumit Garg > Tested-by: Vinitha Pillai > --- Forgot to add dependency on https://patchwork.ozlabs.org/patch/767352/ patch. -Sumit > board/freescale/common/fsl_chain_of_trust.c | 6 ++ > configs/ls1043ardb_SECURE_BOOT_defconfig| 1 + > configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig | 1 + > include/configs/ls1043a_common.h| 23 +-- > 4 files changed, 29 insertions(+), 2 deletions(-) > > diff --git a/board/freescale/common/fsl_chain_of_trust.c > b/board/freescale/common/fsl_chain_of_trust.c > index 438e781..609e2b2 100644 > --- a/board/freescale/common/fsl_chain_of_trust.c > +++ b/board/freescale/common/fsl_chain_of_trust.c > @@ -80,7 +80,13 @@ int fsl_setenv_chain_of_trust(void) >* bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot > script) >*/ > setenv("bootdelay", "0"); > + > +#ifdef CONFIG_ARM > + setenv("secureboot", "y"); > +#else > setenv("bootcmd", CONFIG_CHAIN_BOOT_CMD); > +#endif > + > return 0; > } > #endif > diff --git a/configs/ls1043ardb_SECURE_BOOT_defconfig > b/configs/ls1043ardb_SECURE_BOOT_defconfig > index 861d49b..3f535cc 100644 > --- a/configs/ls1043ardb_SECURE_BOOT_defconfig > +++ b/configs/ls1043ardb_SECURE_BOOT_defconfig > @@ -40,3 +40,4 @@ CONFIG_USB_STORAGE=y > CONFIG_RSA=y > CONFIG_SPL_RSA=y > CONFIG_RSA_SOFTWARE_EXP=y > +CONFIG_DISTRO_DEFAULTS=y > diff --git a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig > b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig > index 5f9b21d..2d57e79 100644 > --- a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig > +++ b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig > @@ -56,3 +56,4 @@ CONFIG_RSA=y > CONFIG_SPL_RSA=y > CONFIG_SPL_CRYPTO_SUPPORT=y > CONFIG_SPL_HASH_SUPPORT=y > +CONFIG_DISTRO_DEFAULTS=y > diff --git a/include/configs/ls1043a_common.h > b/include/configs/ls1043a_common.h > index e8a756f..6e30427 100644 > --- a/include/configs/ls1043a_common.h > +++ b/include/configs/ls1043a_common.h > @@ -282,6 +282,7 @@ > "fdt_addr=0x64f0\0" \ > "kernel_addr=0x6500\0" \ > "scriptaddr=0x8000\0" \ > + "scripthdraddr=0x8008\0"\ > "fdtheader_addr_r=0x8010\0" \ > "kernelheader_addr_r=0x8020\0" \ > "kernel_addr_r=0x8100\0"\ > @@ -292,6 +293,7 @@ > "mtdparts=" MTDPARTS_DEFAULT "\0" \ > BOOTENV \ > "boot_scripts=ls1043ardb_boot.scr\0"\ > + "boot_script_hdr=hdr_ls1043ardb_bs.out\0" \ > "scan_dev_for_boot_part=" \ >"part list ${devtype} ${devnum} devplist; " \ >"env exists devplist || setenv devplist 1; " \ @@ -302,6 +304,21 > @@ > "run scan_dev_for_boot; " \ > "fi; " \ > "done\0"\ > + "scan_dev_for_boot=" \ > + "echo Scanning ${devtype} " \ > + "${devnum}:${distro_bootpart}...; " \ > + "for prefix in ${boot_prefixes}; do " \ > + "run scan_dev_for_scripts; " \ > + "done;" \ > + "\0" \ > + "boot_a_script=" \ > + "load ${devtype} ${devnum}:${distro_bootpart} " \ > + "${scriptaddr} ${prefix}${script}; "\ > + "env exists secureboot && load ${devtype} " \ > + "${devnum}:${distro_bootpart} " \ > + "${scripthdraddr} ${prefix}${boot_script_hdr} " \ > + "&& esbc_validate ${scripthdraddr};"\ > + "source ${scriptaddr}\0" \ > "installer=load mmc 0:2 $load_addr " \ > "/flex_installer_arm64.itb; " \ > "bootm $load_addr#ls1043ardb\0"\ > @@ -315,9 +332,11 @@ > > #undef CONFIG_BOOTCOMMAND > #if defined(CONFIG_QSPI_BOOT) || defined(CONFIG_SD_BOOT_QSPI) - > #define CONFIG_BOOTCOMMAND "run distro_bootcmd;run qspi_bootcmd" > +#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists > secureboot" \ > +"&& esbc_
[U-Boot] [PATCH] arm64: ls1043ardb: Add distro secure boot support
Enable validation of boot.scr script prior to its execution dependent on "secureboot" flag in environment. Disable fall back option to nor/qspi boot in case of secure boot. Also enable "secureboot=y" flag in environment for ARM based platforms instead of bootcmd. Signed-off-by: Sumit Garg Tested-by: Vinitha Pillai --- board/freescale/common/fsl_chain_of_trust.c | 6 ++ configs/ls1043ardb_SECURE_BOOT_defconfig| 1 + configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig | 1 + include/configs/ls1043a_common.h| 23 +-- 4 files changed, 29 insertions(+), 2 deletions(-) diff --git a/board/freescale/common/fsl_chain_of_trust.c b/board/freescale/common/fsl_chain_of_trust.c index 438e781..609e2b2 100644 --- a/board/freescale/common/fsl_chain_of_trust.c +++ b/board/freescale/common/fsl_chain_of_trust.c @@ -80,7 +80,13 @@ int fsl_setenv_chain_of_trust(void) * bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script) */ setenv("bootdelay", "0"); + +#ifdef CONFIG_ARM + setenv("secureboot", "y"); +#else setenv("bootcmd", CONFIG_CHAIN_BOOT_CMD); +#endif + return 0; } #endif diff --git a/configs/ls1043ardb_SECURE_BOOT_defconfig b/configs/ls1043ardb_SECURE_BOOT_defconfig index 861d49b..3f535cc 100644 --- a/configs/ls1043ardb_SECURE_BOOT_defconfig +++ b/configs/ls1043ardb_SECURE_BOOT_defconfig @@ -40,3 +40,4 @@ CONFIG_USB_STORAGE=y CONFIG_RSA=y CONFIG_SPL_RSA=y CONFIG_RSA_SOFTWARE_EXP=y +CONFIG_DISTRO_DEFAULTS=y diff --git a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig index 5f9b21d..2d57e79 100644 --- a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig +++ b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig @@ -56,3 +56,4 @@ CONFIG_RSA=y CONFIG_SPL_RSA=y CONFIG_SPL_CRYPTO_SUPPORT=y CONFIG_SPL_HASH_SUPPORT=y +CONFIG_DISTRO_DEFAULTS=y diff --git a/include/configs/ls1043a_common.h b/include/configs/ls1043a_common.h index e8a756f..6e30427 100644 --- a/include/configs/ls1043a_common.h +++ b/include/configs/ls1043a_common.h @@ -282,6 +282,7 @@ "fdt_addr=0x64f0\0" \ "kernel_addr=0x6500\0" \ "scriptaddr=0x8000\0" \ + "scripthdraddr=0x8008\0"\ "fdtheader_addr_r=0x8010\0" \ "kernelheader_addr_r=0x8020\0" \ "kernel_addr_r=0x8100\0"\ @@ -292,6 +293,7 @@ "mtdparts=" MTDPARTS_DEFAULT "\0" \ BOOTENV \ "boot_scripts=ls1043ardb_boot.scr\0"\ + "boot_script_hdr=hdr_ls1043ardb_bs.out\0" \ "scan_dev_for_boot_part=" \ "part list ${devtype} ${devnum} devplist; " \ "env exists devplist || setenv devplist 1; " \ @@ -302,6 +304,21 @@ "run scan_dev_for_boot; " \ "fi; " \ "done\0"\ + "scan_dev_for_boot=" \ + "echo Scanning ${devtype} " \ + "${devnum}:${distro_bootpart}...; " \ + "for prefix in ${boot_prefixes}; do " \ + "run scan_dev_for_scripts; " \ + "done;" \ + "\0" \ + "boot_a_script=" \ + "load ${devtype} ${devnum}:${distro_bootpart} " \ + "${scriptaddr} ${prefix}${script}; "\ + "env exists secureboot && load ${devtype} " \ + "${devnum}:${distro_bootpart} " \ + "${scripthdraddr} ${prefix}${boot_script_hdr} " \ + "&& esbc_validate ${scripthdraddr};"\ + "source ${scriptaddr}\0" \ "installer=load mmc 0:2 $load_addr " \ "/flex_installer_arm64.itb; " \ "bootm $load_addr#ls1043ardb\0"\ @@ -315,9 +332,11 @@ #undef CONFIG_BOOTCOMMAND #if defined(CONFIG_QSPI_BOOT) || defined(CONFIG_SD_BOOT_QSPI) -#define CONFIG_BOOTCOMMAND "run distro_bootcmd;run qspi_bootcmd" +#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" \ + "&& esbc_halt; run qspi_bootcmd;" #else -#define CONFIG_BOOTCOMMAND "run distro_bootcmd;run nor_bootcmd" +#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot" \ + "&& esbc_halt; run nor_bootcmd;" #endif #define CONFIG_BOOTARGS"console=ttyS0,115200 root=/dev/ram0 " \ -- 1.9.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot