ipq5332: TINY NOR: disable signed boot support

Disable signed image authentication and secure dump support. Change-Id: I3f32cf252dc857f9b03af3474018218fe6601b37 Signed-off-by: Gokul Sriram Palanisamy <quic_gokulsri@quicinc.com> Signed-off-by: Timple Raj M <quic_timple@quicinc.com>
2026-03-08 10:17:13 +01:00 · 2022-08-29 13:29:46 +05:30 · 2022-08-29 13:29:46 +05:30 · f33264587a
commit f33264587a
parent 46e2b15623
3 changed files with 19 additions and 6 deletions
--- a/board/qca/arm/common/cmd_bootqca.c
+++ b/board/qca/arm/common/cmd_bootqca.c
@ -350,6 +350,7 @@ static int parse_elf_image_phdr(image_info *img_info, unsigned int addr)
 }
 #endif

+#ifndef CONFIG_DISABLE_SIGNED_BOOT
 static int copy_rootfs(unsigned int request, uint32_t size)
 {
 	char runcmd[256];
@ -756,6 +757,7 @@ static int do_boot_signedimg(cmd_tbl_t *cmdtp, int flag, int argc, char *const a
 #endif
 	return CMD_RET_SUCCESS;
 }
+#endif

 static int do_boot_unsignedimg(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
 {
@ -921,7 +923,9 @@ static int do_boot_unsignedimg(cmd_tbl_t *cmdtp, int flag, int argc, char *const
 static int do_bootipq(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
 {
 	int ret;
+#ifndef CONFIG_DISABLE_SIGNED_BOOT
 	char buf = 0;
+#endif
 	/*
 	 * set fdt_high parameter so that u-boot will not load
 	 * dtb above CONFIG_IPQ40XX_FDT_HIGH region.
@ -931,18 +935,22 @@ static int do_bootipq(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
 		return CMD_RET_FAILURE;
 	}

-	ret = qca_scm_call(SCM_SVC_FUSE, QFPROM_IS_AUTHENTICATE_CMD, &buf, sizeof(char));
-
 #if defined(CONFIG_IPQ9574_EDMA) || defined(CONFIG_IPQ5332_EDMA)
 	aquantia_phy_reset_init_done();
 #endif
+
+#ifndef CONFIG_DISABLE_SIGNED_BOOT
+	ret = qca_scm_call(SCM_SVC_FUSE, QFPROM_IS_AUTHENTICATE_CMD, &buf, sizeof(char));
+
 	/*
 	|| if atf is enable in env ,do_boot_signedimg is skip.
 	|| Note: This features currently support in ipq50XX.
 	*/
 	if (ret == 0 && buf == 1 && !is_atf_enabled()) {
 		ret = do_boot_signedimg(cmdtp, flag, argc, argv);
-	} else if (ret == 0 || ret == -EOPNOTSUPP) {
+	} else if (ret == 0 || ret == -EOPNOTSUPP)
+#endif
+	{
 		ret = do_boot_unsignedimg(cmdtp, flag, argc, argv);
 	}

--- a/board/qca/arm/common/crashdump.c
+++ b/board/qca/arm/common/crashdump.c
@ -471,7 +471,7 @@ static int do_dumpqca_data(unsigned int dump_level)
 	int indx;
 	int ebi_indx = 0;
 	int ret = CMD_RET_FAILURE;
-#ifdef CONFIG_IPQ5018
+#if defined(CONFIG_IPQ5018) && !defined(CONFIG_DISABLE_SIGNED_BOOT)
 	char buf = 1;
 #endif
 	struct dumpinfo_t *dumpinfo = dumpinfo_n;
@ -557,7 +557,7 @@ static int do_dumpqca_data(unsigned int dump_level)
 #endif
 	}

-#ifdef CONFIG_IPQ5018
+#if defined(CONFIG_IPQ5018) && !defined(CONFIG_DISABLE_SIGNED_BOOT)
 	ret = qca_scm_call(SCM_SVC_FUSE,
 			   QFPROM_IS_AUTHENTICATE_CMD, &buf, sizeof(char));
 	if (ret == 0 && buf == 1) {
@ -613,11 +613,13 @@ static int do_dumpqca_data(unsigned int dump_level)
 					dumpinfo[indx].size = gd->ram_size / 2;
 					comp_addr = memaddr;
 				}
+#ifndef CONFIG_DISABLE_SIGNED_BOOT
 				snprintf(temp, sizeof(temp), "%sEBICS_S2", dump_prefix);
 				if (!strncmp(dumpinfo[indx].name, temp, strlen(temp))) {
 					dumpinfo[indx].size = gd->ram_size - (dumpinfo[indx].start - CONFIG_SYS_SDRAM_BASE);
 					comp_addr = memaddr;
 				}
+#endif
 				snprintf(temp, sizeof(temp), "%sEBICS1", dump_prefix);
 				if (!strncmp(dumpinfo[indx].name, temp, strlen(temp))) {
 					dumpinfo[indx].size = (gd->ram_size / 2)
@ -629,12 +631,14 @@ static int do_dumpqca_data(unsigned int dump_level)
 				if (!strncmp(dumpinfo[indx].name,
 					     temp, strlen(temp)))
 					dumpinfo[indx].size = gd->ram_size;
+#ifndef CONFIG_DISABLE_SIGNED_BOOT
 				snprintf(temp, sizeof(temp), "%sEBICS_S1", dump_prefix);
 				if (!strncmp(dumpinfo[indx].name,
 					     temp, strlen(temp)))
 					dumpinfo[indx].size = gd->ram_size
 							      - dumpinfo[indx - 1].size
 							      - CONFIG_TZ_SIZE;
+#endif
 			}

 			if (is_compress == 1 && (dumpinfo[indx].to_compress == 1)) {
--- a/include/configs/ipq5332.h
+++ b/include/configs/ipq5332.h
@ -447,12 +447,13 @@ extern loff_t board_env_size;
 #define CONFIG_DISABLE_CMD_SF_UPDATE
 #define CONFIG_DISABLE_CMD_SF_PROTECT
 #define CONFIG_DISABLE_CMD_SF_BULKERASE
+#else
+#define CONFIG_IPQ_ELF_AUTH
 #endif

 /*
 * ELF authentication
 */
-#define CONFIG_IPQ_ELF_AUTH
 #define CONFIG_VERSION_ROLLBACK_PARTITION_INFO

 #undef CONFIG_BOOTM_NETBSD