From: Saksham Jain <saksham.jain@nxp.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 06/14] SECURE BOOT: Copy Bootscript and header from NOR to DDR for LS2080/5
Date: Wed, 27 Jan 2016 15:31:03 +0530 [thread overview]
Message-ID: <1453888871-13307-7-git-send-email-saksham.jain@nxp.com> (raw)
In-Reply-To: <1453888871-13307-1-git-send-email-saksham.jain@nxp.com>
During Secure Boot, a bootscript is validated using its header.
This patch copies both these images to DDR from NOR and then validates and
executed them from DDR. (If NOR is the boot source for LS2080 and LS2085).
This copy step is done to make this step common across booting sources.
Because in case of non-xip memories (e.g. NAND, SD) it is neccessary to copy
both these images to DDR.
For other ARM Platforms (ls1043 and ls1020), header is not copied from NOR
to DDR (otherwise customers will need to modify the existing headers).
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
---
arch/arm/include/asm/fsl_secure_boot.h | 23 ++++++++++++++++++++---
include/config_fsl_chain_trust.h | 11 +++++++----
2 files changed, 27 insertions(+), 7 deletions(-)
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index 7c55ea1..4bd0517 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -62,13 +62,30 @@
"setenv initrd_high 0xcfffffff;" \
"setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';"
-/* The address needs to be modified according to NOR memory map */
+/* Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from
+ * Non-XIP Memory (Nand/SD)*/
+#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_LS2080A) ||\
+ defined(CONFIG_LS2085A)
+#define CONFIG_BOOTSCRIPT_COPY_RAM
+#endif
+/* The address needs to be modified according to NOR and DDR memory map */
#if defined(CONFIG_LS2080A) || defined(CONFIG_LS2085A)
-#define CONFIG_BOOTSCRIPT_HDR_ADDR 0x583920000
+#define CONFIG_BS_HDR_ADDR_FLASH 0x583920000
+#define CONFIG_BS_ADDR_FLASH 0x583900000
+#define CONFIG_BS_HDR_ADDR_RAM 0xa3920000
+#define CONFIG_BS_ADDR_RAM 0xa3900000
#else
-#define CONFIG_BOOTSCRIPT_HDR_ADDR 0x600a0000
+#define CONFIG_BS_HDR_ADDR_FLASH 0x600a0000
+#define CONFIG_BS_ADDR_FLASH 0x60060000
+#define CONFIG_BS_HDR_ADDR_RAM 0xa0060000
+#define CONFIG_BS_ADDR_RAM 0xa0060000
#endif
+#define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_RAM
+#define CONFIG_BS_HDR_SIZE 0x00002000
+#define CONFIG_BOOTSCRIPT_ADDR CONFIG_BS_ADDR_RAM
+#define CONFIG_BS_SIZE 0x00001000
+
#include <config_fsl_chain_trust.h>
#endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
#endif
diff --git a/include/config_fsl_chain_trust.h b/include/config_fsl_chain_trust.h
index 45dda56..aa222bb 100644
--- a/include/config_fsl_chain_trust.h
+++ b/include/config_fsl_chain_trust.h
@@ -65,8 +65,6 @@
"esbc_halt\0"
#endif
-/* For secure boot flow, default environment used will be used */
-#if defined(CONFIG_SYS_RAMBOOT)
#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
#define CONFIG_BS_COPY_ENV \
"setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \
@@ -76,14 +74,19 @@
"setenv bs_flash " __stringify(CONFIG_BS_ADDR_FLASH)";" \
"setenv bs_size " __stringify(CONFIG_BS_SIZE)";"
+/* For secure boot flow, default environment used will be used */
+#if defined(CONFIG_SYS_RAMBOOT)
#if defined(CONFIG_RAMBOOT_NAND)
#define CONFIG_BS_COPY_CMD \
"nand read $bs_hdr_ram $bs_hdr_flash $bs_hdr_size ;" \
"nand read $bs_ram $bs_flash $bs_size ;"
#endif /* CONFIG_RAMBOOT_NAND */
-#endif /* CONFIG_BOOTSCRIPT_COPY_RAM */
-
+#else
+#define CONFIG_BS_COPY_CMD \
+ "cp.b $bs_hdr_flash $bs_hdr_ram $bs_hdr_size ;" \
+ "cp.b $bs_flash $bs_ram $bs_size ;"
#endif
+#endif /* CONFIG_BOOTSCRIPT_COPY_RAM */
#ifndef CONFIG_BS_COPY_ENV
#define CONFIG_BS_COPY_ENV
--
1.8.1.4
next prev parent reply other threads:[~2016-01-27 10:01 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-27 10:00 [U-Boot] [PATCH 00/14] Add Support for Secure Boot on LS208x Saksham Jain
2016-01-27 10:00 ` [U-Boot] [PATCH 01/14] armv8: ls2080: Add SFP Configs for LS2080/LS2085 Saksham Jain
2016-01-27 10:00 ` [U-Boot] [PATCH 02/14] armv8: ls2080: Add Secure Boot configs: SEC, Security Monitor, SRK and RCW Saksham Jain
2016-01-27 10:01 ` [U-Boot] [PATCH 03/14] SECURE BOOT: Add new ESBC header for ls-ch3 Secure Boot Saksham Jain
2016-01-27 10:01 ` [U-Boot] [PATCH 04/14] SECURE BOOT: Add Secure Boot support on ls2080aqds/rdb Saksham Jain
2016-01-27 10:01 ` [U-Boot] [PATCH 05/14] armv8: fsl-lsch3: Add bootscript header address for Secure Boot Saksham Jain
2016-01-27 10:01 ` Saksham Jain [this message]
2016-01-27 10:01 ` [U-Boot] [PATCH 07/14] SECURE BOOT: Change env variable "fdt_high" for LS2080a and LS2085a Saksham Jain
2016-01-27 10:01 ` [U-Boot] [PATCH 08/14] armv8 : ls2080: Add config for endianess of CCSR GUR Saksham Jain
2016-01-27 10:01 ` [U-Boot] [PATCH 09/14] armv8: fsl-lsch3: Disable SMMU during Secure Boot Saksham Jain
2016-01-27 10:01 ` [U-Boot] [PATCH 10/14] crypto/fsl: Correct 64bit Write when MMU disabled Saksham Jain
2016-01-27 10:01 ` [U-Boot] [PATCH 11/14] crypto/fsl: Make CAAM transactions cacheable Saksham Jain
2016-01-27 10:01 ` [U-Boot] [PATCH 12/14] SECURE_BOOT: Use default bootargs during Secure Boot Saksham Jain
2016-01-27 10:01 ` [U-Boot] [PATCH 13/14] SECURE BOOT: Halt execution when secure boot fail after reset request Saksham Jain
2016-01-27 10:01 ` [U-Boot] [PATCH 14/14] SECURE_BOOT: Enable IE (Key extention) Feature in Ls2085a & LS2088a Saksham Jain
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1453888871-13307-7-git-send-email-saksham.jain@nxp.com \
--to=saksham.jain@nxp.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.