f4cd75e96a
As things stand currently, there is only one PowerPC platform that enables the options for CHAIN_OF_TRUST. From the board header files, remove a number of never-set options. Remove board specific values from arch/powerpc/include/asm/fsl_secure_boot.h as well. Rework include/config_fsl_chain_trust.h to not abuse the CONFIG namespace for constructing CHAIN_BOOT_CMD. Migrate all of the configurable addresses to Kconfig. If any platforms are re-introduced with secure boot support, everything required should still be here, but now in Kconfig, or requires migration of an option to Kconfig. Cc: Peng Fan <peng.fan@nxp.com> Signed-off-by: Tom Rini <trini@konsulko.com>
# Top-level switch for NXP ESBC secure boot. The "Chain of trust / secure
# boot options" menu in this file depends on this symbol.
config NXP_ESBC
	bool "NXP ESBC (secure boot) functionality"
	help
	  Enable Freescale Secure Boot feature. Normally selected by defconfig.
	  If unsure, do not change.

# Everything up to the matching endmenu is available only when NXP_ESBC is
# enabled and FIT_SIGNATURE is disabled.
# NOTE(review): because the menu dependency applies to every entry inside it,
# a configuration that turns on FIT_SIGNATURE also loses CHAIN_OF_TRUST and
# KEY_REVOCATION - confirm that is intended for every secure-boot defconfig.
menu "Chain of trust / secure boot options"
	depends on !FIT_SIGNATURE && NXP_ESBC

# Promptless symbol (def_bool y): it is on whenever the enclosing menu's
# dependencies are met and cannot be switched off from menuconfig.
# The "select" lines force their targets on regardless of the targets' own
# dependencies; the "imply" lines only set a default that a defconfig can
# still override.
config CHAIN_OF_TRUST
	select FSL_CAAM
	select ARCH_MISC_INIT
	select FSL_SEC_MON
	# SPL board init and hashing are only pulled in for ARM builds with SPL.
	select SPL_BOARD_INIT if (ARM && SPL)
	select SPL_HASH if (ARM && SPL)
	select SHA_HW_ACCEL
	select SHA_PROG_HW_ACCEL
	# Environment is not kept on a storage medium in this configuration;
	# presumably so boot variables cannot be altered from storage - confirm.
	select ENV_IS_NOWHERE
	select CMD_EXT4 if ARM
	# NOTE(review): ext4 write support is forced on for ARM and cannot be
	# disabled by a defconfig; confirm a verified-boot build needs it.
	select CMD_EXT4_WRITE if ARM
	imply CMD_BLOB
	imply CMD_HASH if ARM
	def_bool y

# Command-line entry points for the secure boot flow; enabled by default
# inside this menu.
config CMD_ESBC_VALIDATE
	bool "Enable the 'esbc_validate' and 'esbc_halt' commands"
	default y
	help
	  This option enables two commands used for secure booting:

	    esbc_validate - validate signature using RSA verification
	    esbc_halt - put the core in spin loop (Secure Boot Only)

# Promptless bool with no default: it can only be turned on by a "select"
# elsewhere in the tree. ESBC_ADDR_64BIT in this file depends on it.
# Presumably marks the Layerscape ESBC header layout - confirm.
config ESBC_HDR_LS
	bool

# Derived symbol: automatically y when both ESBC_HDR_LS and FSL_LAYERSCAPE
# are set; not user-selectable.
config ESBC_ADDR_64BIT
	def_bool y
	depends on ESBC_HDR_LS && FSL_LAYERSCAPE
	help
	  For Layerscape based platforms, ESBC image Address in Header is 64bit.

# Derived symbol: y on PPC, FSL_LSCH2 and ARCH_LS1021A.
# Presumably selects big-endian access to the SFP (Security Fuse Processor)
# registers - confirm against the users of this symbol.
config SYS_FSL_SFP_BE
	def_bool y
	depends on PPC || FSL_LSCH2 || ARCH_LS1021A

# Derived symbol: the complement of SYS_FSL_SFP_BE, so exactly one of the two
# is set whenever this menu is active.
config SYS_FSL_SFP_LE
	def_bool y
	depends on !SYS_FSL_SFP_BE

# Exactly one SFP IP revision is selected. The default is 3.0 on PPC and 3.4
# everywhere else; 3.2 is only chosen when a configuration asks for it.
choice
	prompt "SFP IP revision"
	default SYS_FSL_SFP_VER_3_0 if PPC
	default SYS_FSL_SFP_VER_3_4

config SYS_FSL_SFP_VER_3_0
	bool "SFP version 3.0"

config SYS_FSL_SFP_VER_3_2
	bool "SFP version 3.2"

config SYS_FSL_SFP_VER_3_4
	bool "SFP version 3.4"

endchoice

# Optional key hash used when U-Boot is signed with a key pair other than the
# one whose SRK hash is in the fuses; empty by default. Only offered when SPL
# is enabled.
# NOTE(review): this is a free-form string, so Kconfig does not check its
# length or that it is hexadecimal. The value in the help text is an example
# only; each product must supply the hash of its own key.
config SPL_UBOOT_KEY_HASH
	string "Non-SRK key hash for U-Boot public/private key pair"
	depends on SPL
	default ""
	help
	  Set the key hash for U-Boot here if public/private key pair used to
	  sign U-boot are different from the SRK hash put in the fuse. Example
	  of a key hash is
	  41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b.
	  Otherwise leave this empty.

# The boot script copy options below, up to the matching endif, are offered
# on PowerPC only.
if PPC

# Gate for the BS_* address and size options that follow; off unless a
# defconfig enables it.
# NOTE(review): none of the dependent hex options has a default or a range,
# and Kconfig cannot check that the script and header regions in RAM do not
# overlap each other or other memory in use. Whoever sets them in a defconfig
# has to verify the memory layout.
config BOOTSCRIPT_COPY_RAM
	bool "Secure boot copies boot script to RAM"
	help
	  On systems that support chain of trust booting, a number of addresses
	  are required to set variables that are used in the copying and then
	  verification of different parts of the system. If enabled, the subsequent
	  options are for what location to use in each step.

# Value for the bs_device variable; no default is provided.
# NOTE(review): the prompt says "Address in RAM", but the BS_SIZE prompt
# describes bs_device as what is read from - presumably this is the source
# (device) address of the boot script. Confirm and consider rewording.
config BS_ADDR_DEVICE
	hex "Address in RAM for bs_device"
	depends on BOOTSCRIPT_COPY_RAM

# Value for bs_size: the number of bytes read from bs_device. No default and
# no upper bound are given here.
config BS_SIZE
	hex "The size of bs_size which is the amount read from bs_device"
	depends on BOOTSCRIPT_COPY_RAM

# Value for bs_ram, the RAM address associated with the boot script. Also
# used as the default of BOOTSCRIPT_HDR_ADDR in this file.
config BS_ADDR_RAM
	hex "Address in RAM for bs_ram"
	depends on BOOTSCRIPT_COPY_RAM

# Value for the bs_hdr_device variable; no default is provided.
# NOTE(review): as with BS_ADDR_DEVICE, the prompt says "Address in RAM" while
# the BS_HDR_SIZE prompt describes bs_hdr_device as what is read from -
# presumably the source (device) address of the boot script header. Confirm.
config BS_HDR_ADDR_DEVICE
	hex "Address in RAM for bs_hdr_device"
	depends on BOOTSCRIPT_COPY_RAM

# Value for bs_hdr_size: the number of bytes read from bs_hdr_device. No
# default and no upper bound are given here.
config BS_HDR_SIZE
	hex "The size of bs_hdr_size which is the amount read from bs_hdr_device"
	depends on BOOTSCRIPT_COPY_RAM

# Value for bs_hdr_ram, the RAM address associated with the boot script
# header; no default is provided.
config BS_HDR_ADDR_RAM
	hex "Address in RAM for bs_hdr_ram"
	depends on BOOTSCRIPT_COPY_RAM

# Address of the boot script header. There is no help text, and the prompt is
# just the symbol name. No default applies when BOOTSCRIPT_COPY_RAM is off,
# so the value must then be set explicitly.
# NOTE(review): with BOOTSCRIPT_COPY_RAM on, the header address defaults to
# BS_ADDR_RAM (the script's RAM address), not BS_HDR_ADDR_RAM. Confirm this
# is intended, since a wrong header address would point signature validation
# at the wrong data.
config BOOTSCRIPT_HDR_ADDR
	hex "CONFIG_BOOTSCRIPT_HDR_ADDR"
	default BS_ADDR_RAM if BOOTSCRIPT_COPY_RAM

# Closes "if PPC" (boot script copy options).
endif

# Derived symbol: y on ARM whenever this menu is active.
# Presumably marks the SRK (Super Root Key) hash as little-endian - confirm
# against the users of this symbol.
config SYS_FSL_SRK_LE
	def_bool y
	depends on ARM

# Promptless and unconditional inside this menu: always y when the chain of
# trust options are available, and not user-selectable.
# Presumably enables key-revocation handling in the validation code - confirm.
config KEY_REVOCATION
	def_bool y

# Closes the "Chain of trust / secure boot options" menu.
endmenu

# Section heading shown in menuconfig; the options below are not gated by
# NXP_ESBC.
comment "Other functionality shared between NXP SoCs"

# Deep sleep support; offered on the listed SoCs only and enabled by default
# there.
config DEEP_SLEEP
	bool "Enable SoC deep sleep feature"
	depends on ARCH_T1024 || ARCH_T1040 || ARCH_T1042 || ARCH_LS1021A
	default y
	help
	  Indicates this SoC supports deep sleep feature. If deep sleep is
	  supported, core will start to execute uboot when wakes up.

# PCA9547 I2C mux support; off unless a configuration enables it.
config FSL_USE_PCA9547_MUX
	bool "Enable PCA9547 I2C Mux on Freescale boards"
	depends on PPC || ARCH_LS1021A || FSL_LSCH2 || FSL_LSCH3
	help
	  This option enables the PCA9547 I2C mux on Freescale boards.

# Core voltage setup from per-device fuse values in U-Boot proper; requires
# an I2C stack (legacy or driver-model).
config VID
	bool "Enable Freescale VID"
	depends on (PPC || ARCH_LS1021A || FSL_LSCH2 || FSL_LSCH3) && (I2C || DM_I2C)
	help
	  This option enables setting core voltage based on individual
	  values saved in SoC fuses.

# SPL counterpart of VID; requires an I2C stack in SPL.
config SPL_VID
	bool "Enable Freescale VID in SPL"
	depends on (PPC || ARCH_LS1021A || FSL_LSCH2 || FSL_LSCH3) && (SPL_I2C || DM_SPL_I2C)
	help
	  This option enables setting core voltage based on individual
	  values saved in SoC fuses, in SPL.

# The VID tuning and voltage monitor options below, up to the matching endif,
# are offered only when VID is enabled in U-Boot proper or in SPL.
if VID || SPL_VID

# Name of the environment variable consulted to override VDD; no default.
# NOTE(review): the named variable overrides the fuse-derived voltage, and
# whether the override is range-checked is not visible from this file. Where
# the environment is writable, treat it as an input that can affect hardware.
config VID_FLS_ENV
	string "Environment variable for overriding VDD"
	help
	  This option allows for specifying the environment variable
	  to check to override VDD information.

# INA220 read path for the common VID driver. No "set" counterpart for this
# part is defined in this file.
config VOL_MONITOR_INA220
	bool "Enable the INA220 voltage monitor read"
	help
	  This option enables INA220 voltage monitor read
	  functionality. It is used by the common VID driver.

# IR36021 read path for the common VID driver; independent of the
# corresponding _SET option.
config VOL_MONITOR_IR36021_READ
	bool "Enable the IR36021 voltage monitor read"
	help
	  This option enables IR36021 voltage monitor read
	  functionality. It is used by the common VID driver.

# IR36021 write (voltage set) path for the common VID driver; no dependency
# on the _READ option is declared here.
config VOL_MONITOR_IR36021_SET
	bool "Enable the IR36021 voltage monitor set"
	help
	  This option enables IR36021 voltage monitor set
	  functionality. It is used by the common VID driver.

# LTC3882 read path for the common VID driver; independent of the
# corresponding _SET option.
config VOL_MONITOR_LTC3882_READ
	bool "Enable the LTC3882 voltage monitor read"
	help
	  This option enables LTC3882 voltage monitor read
	  functionality. It is used by the common VID driver.

# LTC3882 write (voltage set) path for the common VID driver; no dependency
# on the _READ option is declared here.
config VOL_MONITOR_LTC3882_SET
	bool "Enable the LTC3882 voltage monitor set"
	help
	  This option enables LTC3882 voltage monitor set
	  functionality. It is used by the common VID driver.

# ISL68233 read path for the common VID driver; independent of the
# corresponding _SET option.
config VOL_MONITOR_ISL68233_READ
	bool "Enable the ISL68233 voltage monitor read"
	help
	  This option enables ISL68233 voltage monitor read
	  functionality. It is used by the common VID driver.

# ISL68233 write (voltage set) path for the common VID driver; no dependency
# on the _READ option is declared here.
config VOL_MONITOR_ISL68233_SET
	bool "Enable the ISL68233 voltage monitor set"
	help
	  This option enables ISL68233 voltage monitor set
	  functionality. It is used by the common VID driver.

# Closes "if VID || SPL_VID".
endif

# QIXIS support; there is no help text in this file. QIXIS_I2C_ACCESS depends
# on it.
config FSL_QIXIS
	bool "Enable QIXIS support"
	depends on PPC || ARCH_LS1021A || FSL_LSCH2 || FSL_LSCH3

# Selects I2C as the access path to QIXIS; defaults to y once FSL_QIXIS is
# enabled.
config QIXIS_I2C_ACCESS
	bool "Access to QIXIS is over i2c"
	depends on FSL_QIXIS
	default y

# Derived symbol: automatically y on PPC when USB_EHCI_HCD is enabled; not
# user-selectable.
config HAS_FSL_DR_USB
	def_bool y
	depends on USB_EHCI_HCD && PPC