|  | /* | 
|  | * (C) Copyright 2015 | 
|  | * | 
|  | * SPDX-License-Identifier:	GPL-2.0+ | 
|  | */ | 
|  |  | 
|  | esbc_validate command | 
|  | ======================================== | 
|  |  | 
|  | 1. esbc_validate command is meant for validating header and | 
|  | signature of images (Boot Script and ESBC uboot client). | 
|  | SHA-256 and RSA operations are performed using SEC block in HW. | 
|  | This command works on both PBL based and Non PBL based Freescale | 
|  | platforms. | 
|  | Command usage: | 
|  | esbc_validate img_hdr_addr [pub_key_hash] | 
|  | esbc_validate hdr_addr <hash_val> | 
|  | Validates signature using RSA verification. | 
|  | $hdr_addr Address of header of the image to be validated. | 
|  | $hash_val -Optional. It provides Hash of public/srk key to be | 
|  | used to verify signature. | 
|  |  | 
|  | 2. ESBC uboot client can be linux. Additionally, rootfs and device | 
|  | tree blob can also be signed. | 
|  | 3. In the event of header or signature failure in validation, | 
|  | ITS and ITF bits determine further course of action. | 
|  | 4. In case of soft failure, appropriate error is dumped on console. | 
|  | 5. In case of hard failure, SoC is issued RESET REQUEST after | 
|  | dumping error on the console. | 
|  | 6. KEY REVOCATION Feature: | 
|  | QorIQ platforms like B4/T4 have support of srk key table and key | 
|  | revocation in ISBC code in Silicon. | 
|  | The srk key table allows the user to have a key table with multiple | 
|  | keys and revoke any key in case of particular key gets compromised. | 
|  | In case the ISBC code uses the key revocation and srk key table to | 
|  | verify the u-boot code, the subsequent chain of trust should also | 
|  | use the same. | 
|  | 6. ISBC KEY EXTENSION Feature: | 
|  | This feature allows large number of keys to be used for esbc validation | 
|  | of images. A set of public keys is being signed and validated by ISBC | 
|  | which can be further used for esbc validation of images. |