From 8f01397ba76d1ee210bedbf031d807e8df34c482 Mon Sep 17 00:00:00 2001
From: Sumit Garg <sumit.garg@nxp.com>
Date: Thu, 14 Jul 2016 12:27:51 -0400
Subject: powerpc/mpc85xx: SECURE BOOT- Enable chain of trust in SPL

As part of Chain of Trust for Secure boot, the SPL U-Boot will validate
the next level U-boot image. Add a new function spl_validate_uboot to
perform the validation.

Enable hardware crypto operations in SPL using SEC block.
In case of Secure Boot, PAMU is not bypassed. For allowing SEC block
access to CPC configured as SRAM, configure PAMU.

Reviewed-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: York Sun <york.sun@nxp.com>
---
 include/fsl_validate.h | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'include/fsl_validate.h')

diff --git a/include/fsl_validate.h b/include/fsl_validate.h
index a71e1ce2b0..c350938d1f 100644
--- a/include/fsl_validate.h
+++ b/include/fsl_validate.h
@@ -254,4 +254,11 @@ int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
 
 int fsl_check_boot_mode_secure(void);
 int fsl_setenv_chain_of_trust(void);
+
+/*
+ * This function is used to validate the main U-boot binary from
+ * SPL just before passing control to it using QorIQ Trust
+ * Architecture header (appended to U-boot image).
+ */
+void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr);
 #endif
-- 
cgit v1.2.3