u-boot/cmd/mvebu/Kconfig
Pali Rohár f7b0bbca2b cmd: mvebu/bubt: Check for A38x/A37xx OTP secure bits and secure boot
For obvious reasons BootROM rejects unsigned images when secure boot is
enabled in OTP secure bits. So check for OTP secure bits and do not allow
flashing unsigned images when secure boot is enabled. Access to OTP via
U-Boot fuse API is currently implemented only for A38x and A37xx SoCs.

Additionally Armada 3700 BootROM rejects signed trusted image when secure
boot is not enabled in OTP. So add also check for this case. On the other
hand Armada 38x BootROM accepts images with secure boot header when secure
boot is not enabled in OTP.

OTP secure bits may have burned also boot device source. Check it also and
reject flashing images to target storage which does not match OTP.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-09-13 06:38:08 +02:00

65 lines
1.6 KiB
Plaintext

menu "MVEBU commands"
depends on ARCH_MVEBU

config CMD_MVEBU_BUBT
	bool "bubt"
	select SHA256 if ARMADA_3700
	select SHA512 if ARMADA_3700
	select MVEBU_EFUSE if ARMADA_38X || ARMADA_3700
	help
	  bubt - Burn a u-boot image to flash
	  For details about bubt command please see the documentation
	  in doc/mvebu/cmd/bubt.txt

if CMD_MVEBU_BUBT

choice
	prompt "Flash for image"
	default MVEBU_SPI_BOOT

config MVEBU_NAND_BOOT
	bool "NAND flash boot"
	depends on NAND_PXA3XX
	help
	  Enable boot from NAND flash.
	  Allow usage of NAND flash as a target for "bubt" command
	  For details about bubt command please see the documentation
	  in doc/mvebu/cmd/bubt.txt

config MVEBU_SPI_BOOT
	bool "SPI flash boot"
	depends on SPI_FLASH
	help
	  Enable boot from SPI flash.
	  Allow usage of SPI flash as a target for "bubt" command
	  For details about bubt command please see the documentation
	  in doc/mvebu/cmd/bubt.txt

config MVEBU_MMC_BOOT
	bool "eMMC flash boot"
	depends on MVEBU_MMC || MMC_SDHCI_XENON
	help
	  Enable boot from eMMC boot partition
	  Allow usage of eMMC/SD device as a target for "bubt" command
	  For details about bubt command please see the documentation
	  in doc/mvebu/cmd/bubt.txt

endchoice

config MVEBU_UBOOT_DFLT_NAME
	string "Default image name for bubt command"
	default "flash-image.bin"
	help
	  This option should contain a default file name to be used with
	  MVEBU "bubt" command if the source file name is omitted

endif

config CMD_MVEBU_COMPHY_RX_TRAINING
	bool "mvebu_comphy_rx_training"
	depends on ARMADA_8K
	help
	  Perform COMPHY RX training sequence

endmenu
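
The pre-flash policy described in the commit message above, modelled as an added example in C. It is not U-Boot's code: every type and function name is hypothetical, and the model assumes the boot-device check applies whenever a boot source is burned in OTP.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical names throughout: this models the policy, not U-Boot's API. */
enum soc { SOC_A38X, SOC_A37XX };
enum boot_dev { DEV_ANY, DEV_SPI, DEV_NAND, DEV_MMC }; /* DEV_ANY: none burned */

struct otp_state {
	bool secure_boot;       /* secure boot bit burned in OTP */
	enum boot_dev boot_dev; /* boot source burned in OTP, or DEV_ANY */
};

struct image_info {
	bool is_signed;         /* image carries a secure boot header */
};

/* Returns NULL when flashing is allowed, otherwise the reason for refusal. */
const char *bubt_policy_check(enum soc soc, struct otp_state otp,
			      struct image_info img, enum boot_dev target)
{
	/* BootROM rejects unsigned images once secure boot is enabled. */
	if (otp.secure_boot && !img.is_signed)
		return "secure boot enabled in OTP, image is unsigned";

	/* Only the A37xx BootROM rejects a signed image while secure boot is
	 * off; the A38x BootROM accepts it. */
	if (!otp.secure_boot && img.is_signed && soc == SOC_A37XX)
		return "secure boot not enabled in OTP, image is signed";

	/* Assumption: a burned boot source must match the flash target. */
	if (otp.boot_dev != DEV_ANY && otp.boot_dev != target)
		return "target storage does not match OTP boot device";

	return NULL;
}

int main(void)
{
	struct otp_state otp = { true, DEV_SPI };  /* constructed sample state */
	struct image_info unsigned_img = { false };
	const char *why = bubt_policy_check(SOC_A37XX, otp, unsigned_img, DEV_SPI);

	printf("%s\n", why ? why : "flash allowed");
	return 0;
}
```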