1 files changed, 56 insertions, 0 deletions

diff --git a/board/freescale/common/fsl_chain_of_trust.c b/board/freescale/common/fsl_chain_of_trust.c
index ecfcc8253a..290536db15 100644
--- a/board/freescale/common/fsl_chain_of_trust.c
+++ b/board/freescale/common/fsl_chain_of_trust.c
@@ -6,7 +6,17 @@
 
 #include <common.h>
 #include <fsl_validate.h>
+#include <fsl_secboot_err.h>
 #include <fsl_sfp.h>
+#include <dm/root.h>
+
+#ifdef CONFIG_ADDR_MAP
+#include <asm/mmu.h>
+#endif
+
+#ifdef CONFIG_FSL_CORENET
+#include <asm/fsl_pamu.h>
+#endif
 
 #ifdef CONFIG_LS102XA
 #include <asm/arch/immap_ls102xa.h>
@@ -52,6 +62,7 @@ int fsl_check_boot_mode_secure(void)
 	return 0;
 }
 
+#ifndef CONFIG_SPL_BUILD
 int fsl_setenv_chain_of_trust(void)
 {
 	/* Check Boot Mode
@@ -68,3 +79,48 @@ int fsl_setenv_chain_of_trust(void)
 	setenv("bootcmd", CONFIG_CHAIN_BOOT_CMD);
 	return 0;
 }
+#endif
+
+#ifdef CONFIG_SPL_BUILD
+void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr)
+{
+	int res;
+
+	/*
+	 * Check Boot Mode
+	 * If Boot Mode is Non-Secure, skip validation
+	 */
+	if (fsl_check_boot_mode_secure() == 0)
+		return;
+
+	printf("SPL: Validating U-Boot image\n");
+
+#ifdef CONFIG_ADDR_MAP
+	init_addr_map();
+#endif
+
+#ifdef CONFIG_FSL_CORENET
+	if (pamu_init() < 0)
+		fsl_secboot_handle_error(ERROR_ESBC_PAMU_INIT);
+#endif
+
+#ifdef CONFIG_FSL_CAAM
+	if (sec_init() < 0)
+		fsl_secboot_handle_error(ERROR_ESBC_SEC_INIT);
+#endif
+
+/*
+ * dm_init_and_scan() is called as part of common SPL framework, so no
+ * need to call it again but in case of powerpc platforms which currently
+ * do not use common SPL framework, so need to call this function here.
+ */
+#if defined(CONFIG_SPL_DM) && (!defined(CONFIG_SPL_FRAMEWORK))
+	dm_init_and_scan(false);
+#endif
+	res = fsl_secboot_validate(hdr_addr, CONFIG_SPL_UBOOT_KEY_HASH,
+				   &img_addr);
+
+	if (res == 0)
+		printf("SPL: Validation of U-boot successful\n");
+}
+#endif /* ifdef CONFIG_SPL_BUILD */