author | Bryan O'Donoghue <bryan.odonoghue@linaro.org> | 2018-04-24 18:46:47 +0100 |
---|---|---|
committer | Stefano Babic <sbabic@denx.de> | 2018-04-26 08:54:18 +0200 |
commit | bb96a08d5b48f0ee3415619c2119d7153de1d0c2 (patch) | |
tree | 16df86a9c13e7f4ab42cbfd6ea43099fac02bca2 /include | |
parent | baea5ecd26888263bd614ff86f93df89302b3627 (diff) | |
warp7: Add support for automated secure boot.scr verification
This patch adds support for verifying a signed boot.scr. With this in place
it's possible for run-time Linux to update boot.scr to set different
variables such as switching between different boot partitions, pointing to
different kernels etc and for u-boot to verify these changes via the HAB
prior to executing the commands contained in boot.scr.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/configs/warp7.h | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/include/configs/warp7.h b/include/configs/warp7.h index fe9b7d57d7..f340bff3e7 100644 --- a/include/configs/warp7.h +++ b/include/configs/warp7.h @@ -53,6 +53,14 @@ "root=PARTUUID=${uuid} rootwait rw\0" \ "ivt_offset=" __stringify(BOOTROM_IVT_HDR_OFFSET)"\0"\ "warp7_auth_or_fail=hab_auth_img_or_fail ${hab_ivt_addr} ${filesize} 0;\0" \ + "do_bootscript_hab=" \ + "if test ${hab_enabled} -eq 1; then " \ + "setexpr hab_ivt_addr ${loadaddr} - ${ivt_offset}; " \ + "setenv script ${script_signed}; " \ + "load mmc ${mmcdev}:${mmcpart} ${hab_ivt_addr} ${script}; " \ + "run warp7_auth_or_fail; " \ + "run bootscript; "\ + "fi;\0" \ "loadbootscript=" \ "load mmc ${mmcdev}:${mmcpart} ${loadaddr} ${script};\0" \ "bootscript=echo Running bootscript from mmc ...; " \ @@ -79,6 +87,7 @@ #define CONFIG_BOOTCOMMAND \ "mmc dev ${mmcdev};" \ "mmc dev ${mmcdev}; if mmc rescan; then " \ + "run do_bootscript_hab;" \ "if run loadbootscript; then " \ "run bootscript; " \ "else " \ |
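Review bot: in the first hunk, do_bootscript_hab chains the load, `run warp7_auth_or_fail` and `run bootscript` with `;`, so `run bootscript` is reached whatever the two preceding commands return, and the script is only protected if hab_auth_img_or_fail never returns on an authentication failure. Making that dependency explicit would be safer, e.g. `if load mmc ${mmcdev}:${mmcpart} ${hab_ivt_addr} ${script}; then if run warp7_auth_or_fail; then run bootscript; fi; fi;`, which also avoids authenticating with a stale ${filesize} when the load fails. ${script_signed} is not defined in the visible lines; please document where it gets its default, since `setenv script ${script_signed}` with an empty value would leave ${script} unset for the load.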
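Review bot: in the second hunk, the new `run do_bootscript_hab;` in CONFIG_BOOTCOMMAND is followed unconditionally by the existing `if run loadbootscript; then run bootscript;`, so if do_bootscript_hab returns with hab_enabled equal to 1 (for example because the signed script finishes without booting), the flow continues into loadbootscript, which loads ${script} to ${loadaddr} with no authentication step. Consider making the unauthenticated path the else branch of the hab_enabled test so it is only taken when HAB is off. It would also help to state in a comment or the commit message where hab_enabled is set, as this diff does not show it and the whole check hinges on that variable.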