SECURE_BOOT: Enable chain of trust in SPL framework

Override jump_to_image_no_args function to include validation of
u-boot image using spl_validate_uboot before jumping to u-boot image.
Also define macros in SPL framework to enable crypto operations.

Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: York Sun <york.sun@nxp.com>

arch/arm/include/asm/fsl_secure_boot.h

@@ -17,8 +17,6 @@
 
 #ifdef CONFIG_CHAIN_OF_TRUST
 #define CONFIG_CMD_ESBC_VALIDATE
-#define CONFIG_CMD_BLOB
-#define CONFIG_CMD_HASH
 #define CONFIG_FSL_SEC_MON
 #define CONFIG_SHA_HW_ACCEL
 #define CONFIG_SHA_PROG_HW_ACCEL
@@ -28,6 +26,28 @@
 #define CONFIG_FSL_CAAM
 #endif
 
+#ifdef CONFIG_SPL_BUILD
+#define CONFIG_SPL_BOARD_INIT
+#define CONFIG_SPL_DM			1
+#define CONFIG_SPL_CRYPTO_SUPPORT
+#define CONFIG_SPL_HASH_SUPPORT
+#define CONFIG_SPL_RSA
+#define CONFIG_SPL_DRIVERS_MISC_SUPPORT
+/*
+ * Define the key hash for U-Boot here if public/private key pair used to
+ * sign U-boot are different from the SRK hash put in the fuse
+ * Example of defining KEY_HASH is
+ * #define CONFIG_SPL_UBOOT_KEY_HASH \
+ *      "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
+ * else leave it defined as NULL
+ */
+
+#define CONFIG_SPL_UBOOT_KEY_HASH	NULL
+#endif /* ifdef CONFIG_SPL_BUILD */
+
+#ifndef CONFIG_SPL_BUILD
+#define CONFIG_CMD_BLOB
+#define CONFIG_CMD_HASH
 #define CONFIG_KEY_REVOCATION
 #ifndef CONFIG_SYS_RAMBOOT
 /* The key used for verification of next level images
@@ -92,5 +112,6 @@
 #endif
 
 #include <config_fsl_chain_trust.h>
+#endif /* #ifndef CONFIG_SPL_BUILD */
 #endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
 #endif

board/freescale/common/fsl_chain_of_trust.c

@@ -10,6 +10,10 @@
 #include <fsl_sfp.h>
 #include <dm/root.h>
 
+#if defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_FRAMEWORK)
+#include <spl.h>
+#endif
+
 #ifdef CONFIG_ADDR_MAP
 #include <asm/mmu.h>
 #endif
@@ -115,7 +119,7 @@ void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr)
  * do not use common SPL framework, so need to call this function here.
  */
 #if defined(CONFIG_SPL_DM) && (!defined(CONFIG_SPL_FRAMEWORK))
-	dm_init_and_scan(false);
+	dm_init_and_scan(true);
 #endif
 	res = fsl_secboot_validate(hdr_addr, CONFIG_SPL_UBOOT_KEY_HASH,
 				   &img_addr);
@@ -123,4 +127,32 @@ void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr)
 	if (res == 0)
 		printf("SPL: Validation of U-boot successful\n");
 }
+
+#ifdef CONFIG_SPL_FRAMEWORK
+/* Override weak funtion defined in SPL framework to enable validation
+ * of main u-boot image before jumping to u-boot image.
+ */
+void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image)
+{
+	typedef void __noreturn (*image_entry_noargs_t)(void);
+	uint32_t hdr_addr;
+
+	image_entry_noargs_t image_entry =
+		(image_entry_noargs_t)(unsigned long)spl_image->entry_point;
+
+	hdr_addr = (spl_image->entry_point + spl_image->size -
+			CONFIG_U_BOOT_HDR_SIZE);
+	spl_validate_uboot(hdr_addr, (uintptr_t)spl_image->entry_point);
+	/*
+	 * In case of failure in validation, spl_validate_uboot would
+	 * not return back in case of Production environment with ITS=1.
+	 * Thus U-Boot will not start.
+	 * In Development environment (ITS=0 and SB_EN=1), the function
+	 * may return back in case of non-fatal failures.
+	 */
+
+	debug("image entry point: 0x%X\n", spl_image->entry_point);
+	image_entry();
+}
+#endif /* ifdef CONFIG_SPL_FRAMEWORK */
 #endif /* ifdef CONFIG_SPL_BUILD */