From: Tom Rini Date: Fri, 17 Jun 2022 20:24:32 +0000 (-0400) Subject: fsl_validate: Migrate SPL_UBOOT_KEY_HASH to Kconfig X-Git-Url: http://git.dujemihanovic.xyz/html/%7B%7B%20.Permalink%20%7D%7D?a=commitdiff_plain;h=5aad0a14bacc22b9d36956f12fa9480e3c0c672f;p=u-boot.git fsl_validate: Migrate SPL_UBOOT_KEY_HASH to Kconfig Move setting of SPL_UBOOT_KEY_HASH to a non-NULL value to Kconfig. As part of this, change fsl_secboot_validate(...) to check that it is passed a non-empty string, rather than non-NULL. Cc: Peng Fan Cc: Priyanka Jain Cc: Kshitiz Varshney Signed-off-by: Tom Rini --- diff --git a/arch/Kconfig.nxp b/arch/Kconfig.nxp index 273e8e86da..ccbf684bdb 100644 --- a/arch/Kconfig.nxp +++ b/arch/Kconfig.nxp @@ -64,6 +64,17 @@ config SYS_FSL_SFP_VER_3_4 endchoice +config SPL_UBOOT_KEY_HASH + string "Non-SRK key hash for U-Boot public/private key pair" + depends on SPL + default "" + help + Set the key hash for U-Boot here if public/private key pair used to + sign U-boot are different from the SRK hash put in the fuse. Example + of a key hash is + 41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b. + Otherwise leave this empty. + config SYS_FSL_SRK_LE def_bool y depends on ARM diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index 09c88841e0..9c9e1dab9a 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -8,19 +8,6 @@ #define __FSL_SECURE_BOOT_H #ifdef CONFIG_CHAIN_OF_TRUST -#ifdef CONFIG_SPL_BUILD -/* - * Define the key hash for U-Boot here if public/private key pair used to - * sign U-boot are different from the SRK hash put in the fuse - * Example of defining KEY_HASH is - * #define CONFIG_SPL_UBOOT_KEY_HASH \ - * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b" - * else leave it defined as NULL - */ - -#define CONFIG_SPL_UBOOT_KEY_HASH NULL -#endif /* ifdef CONFIG_SPL_BUILD */ - #ifndef CONFIG_SPL_BUILD #ifndef CONFIG_SYS_RAMBOOT /* The key used for verification of next level images diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h index 9ae4c590f1..c062fa5c19 100644 --- a/arch/powerpc/include/asm/fsl_secure_boot.h +++ b/arch/powerpc/include/asm/fsl_secure_boot.h @@ -75,16 +75,6 @@ #define CONFIG_SPL_SPAACT_ADDR 0x2f000000 #define CONFIG_SPL_JR0_LIODN_S 454 #define CONFIG_SPL_JR0_LIODN_NS 458 -/* - * Define the key hash for U-Boot here if public/private key pair used to - * sign U-boot are different from the SRK hash put in the fuse - * Example of defining KEY_HASH is - * #define CONFIG_SPL_UBOOT_KEY_HASH \ - * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b" - * else leave it defined as NULL - */ - -#define CONFIG_SPL_UBOOT_KEY_HASH NULL #endif /* ifdef CONFIG_SPL_BUILD */ #ifndef CONFIG_SPL_BUILD diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c index 34875d0b8f..f1a0b0cfc3 100644 --- a/board/freescale/common/fsl_validate.c +++ b/board/freescale/common/fsl_validate.c @@ -871,7 +871,7 @@ int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str, int ret, i, hash_cmd = 0; u32 srk_hash[8]; - if (arg_hash_str != NULL) { + if (strlen(arg_hash_str) != 0) { const char *cp = arg_hash_str; int i = 0;