Re: [U-Boot] [Patch v2] armv8: Secure Boot: Modify boot_a_script definition

2019-05-22 Thread Prabhakar Kushwaha 

> -Original Message-
> From: Udit Agarwal
> Sent: Tuesday, April 23, 2019 11:22 AM
> To: u-boot@lists.denx.de
> Cc: Prabhakar Kushwaha ; Ruchika Gupta
> ; Jagdish Gediya ; Vinitha
> V Pillai ; Udit Agarwal 
> Subject: [Patch v2] armv8: Secure Boot: Modify boot_a_script definition
> 
> From: Vinitha V Pillai 
> 
> boot_script_hdr does not exist, it should not continue to boot. So adding
> separate validation after loading boot_script.
> 
> The secure boot validation of the bootscript header will fail and halts the 
> further
> execution of commands which prevent source command from execution.
> 
> Signed-off-by: Vinitha V Pillai 
> Signed-off-by: Udit Agarwal 
> ---

updated subject and applied to fsl-qoriq master, awaiting upstream

--pk
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] [Patch v2] armv8: Secure Boot: Modify boot_a_script definition

2019-04-22 Thread Udit Agarwal 
From: Vinitha V Pillai 

boot_script_hdr does not exist, it should not continue to
boot. So adding separate validation after loading boot_script.

The secure boot validation of the bootscript header will fail
and halts the further execution of commands which prevent
source command from execution.

Signed-off-by: Vinitha V Pillai 
Signed-off-by: Udit Agarwal 
---
Changes in V2:
Corrects commit message to add more clarity.

 include/configs/ls1012afrwy.h| 3 ++-
 include/configs/ls1012ardb.h | 3 ++-
 include/configs/ls1021atwr.h | 3 ++-
 include/configs/ls1043a_common.h | 3 ++-
 include/configs/ls1046a_common.h | 5 +++--
 include/configs/ls1088ardb.h | 3 ++-
 include/configs/ls2080ardb.h | 3 ++-
 7 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/include/configs/ls1012afrwy.h b/include/configs/ls1012afrwy.h
index ebb1df41c7..12e6437a05 100644
--- a/include/configs/ls1012afrwy.h
+++ b/include/configs/ls1012afrwy.h
@@ -98,7 +98,8 @@
"${scriptaddr} ${prefix}${script}; "\
"env exists secureboot && load ${devtype} " \
"${devnum}:${distro_bootpart} " \
-   "${scripthdraddr} ${prefix}${boot_script_hdr} " \
+   "${scripthdraddr} ${prefix}${boot_script_hdr}; " \
+   "env exists secureboot "\
"&& esbc_validate ${scripthdraddr};"\
"source ${scriptaddr}\0"  \
"installer=load mmc 0:2 $load_addr "\
diff --git a/include/configs/ls1012ardb.h b/include/configs/ls1012ardb.h
index f149a604cf..f6640fa499 100644
--- a/include/configs/ls1012ardb.h
+++ b/include/configs/ls1012ardb.h
@@ -98,7 +98,8 @@
"${scriptaddr} ${prefix}${script}; "\
"env exists secureboot && load ${devtype} " \
"${devnum}:${distro_bootpart} " \
-   "${scripthdraddr} ${prefix}${boot_script_hdr} " \
+   "${scripthdraddr} ${prefix}${boot_script_hdr}; " \
+   "env exists secureboot "\
"&& esbc_validate ${scripthdraddr};"\
"source ${scriptaddr}\0"  \
"installer=load mmc 0:2 $load_addr "\
diff --git a/include/configs/ls1021atwr.h b/include/configs/ls1021atwr.h
index da55bf2f43..2616f4aa5c 100644
--- a/include/configs/ls1021atwr.h
+++ b/include/configs/ls1021atwr.h
@@ -364,7 +364,8 @@
"${scriptaddr} ${prefix}${script}; "\
"env exists secureboot && load ${devtype} " \
"${devnum}:${distro_bootpart} " \
-   "${scripthdraddr} ${prefix}${boot_script_hdr} " \
+   "${scripthdraddr} ${prefix}${boot_script_hdr}; " \
+   "env exists secureboot "\
"&& esbc_validate ${scripthdraddr};"\
"source ${scriptaddr}\0"  \
"installer=load mmc 0:2 $load_addr "\
diff --git a/include/configs/ls1043a_common.h b/include/configs/ls1043a_common.h
index 2e9d476483..8618a5f182 100644
--- a/include/configs/ls1043a_common.h
+++ b/include/configs/ls1043a_common.h
@@ -275,7 +275,8 @@
"${scriptaddr} ${prefix}${script}; "\
"env exists secureboot && load ${devtype} " \
"${devnum}:${distro_bootpart} " \
-   "${scripthdraddr} ${prefix}${boot_script_hdr} " \
+   "${scripthdraddr} ${prefix}${boot_script_hdr}; " \
+   "env exists secureboot "\
"&& esbc_validate ${scripthdraddr};"\
"source ${scriptaddr}\0"\
"qspi_bootcmd=echo Trying load from qspi..;"\
diff --git a/include/configs/ls1046a_common.h b/include/configs/ls1046a_common.h
index 24ff2d1547..e4e71b24d4 100644
--- a/include/configs/ls1046a_common.h
+++ b/include/configs/ls1046a_common.h
@@ -256,8 +256,9 @@
"${scriptaddr} ${prefix}${script}; "\
"env exists secureboot && load ${devtype} " \
"${devnum}:${distro_bootpart} " \
-   "${scripthdraddr} ${prefix}${boot_script_hdr} " \
-   "&& esbc_validate ${scripthdraddr};"\
+   "${scripthdraddr} ${prefix}${boot_script_hdr}; " \
+   "env exists secureboot "\
+   "&& esbc_validate ${scripthdraddr};"\
"source ${scriptaddr}\0"  \
"qspi_bootcmd=echo Trying load from qspi..;"  \
"sf probe && sf read $load_addr " \
diff --git a/include/configs/ls1088ardb.h b/include/configs/ls1088ardb.h
index 45af087dc6..322adb530a 100644
--- a/include/configs/ls1088ardb.h
+++