* [U-Boot] [PATCH 0/4] Add SECURE BOOT support in SPL framework
@ 2016-06-14 17:52 Sumit Garg
2016-06-14 17:52 ` [U-Boot] [PATCH 1/4] DM: crypto/fsl: Enable rsa DM driver usage before relocation Sumit Garg
` (3 more replies)
0 siblings, 4 replies; 15+ messages in thread
From: Sumit Garg @ 2016-06-14 17:52 UTC (permalink / raw)
To: u-boot
The patch-set does the following :
1. Enable chain of trust in SPL framework for ARM based platforms.
3. Add SD secure boot target for ls1021atwr platform.
Sumit Garg (4):
DM: crypto/fsl: Enable rsa DM driver usage before relocation
SECURE_BOOT: Enable chain of trust in SPL framework
SECURE_BOOT: Enable SD as a source for bootscript
arm: ls1021atwr: Add SD secure boot target
arch/arm/include/asm/fsl_secure_boot.h | 68 +++++++++++++++++-----
arch/powerpc/include/asm/fsl_secure_boot.h | 4 +-
board/freescale/common/fsl_chain_of_trust.c | 34 ++++++++++-
board/freescale/ls1021atwr/ls1021atwr.c | 7 +++
.../ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig | 31 ++++++++++
drivers/crypto/fsl/fsl_rsa.c | 1 +
include/config_fsl_chain_trust.h | 18 +++---
include/configs/ls1021atwr.h | 22 +++++++
8 files changed, 159 insertions(+), 26 deletions(-)
create mode 100644 configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig
--
1.8.1.4
^ permalink raw reply [flat|nested] 15+ messages in thread
* [U-Boot] [PATCH 1/4] DM: crypto/fsl: Enable rsa DM driver usage before relocation
2016-06-14 17:52 [U-Boot] [PATCH 0/4] Add SECURE BOOT support in SPL framework Sumit Garg
@ 2016-06-14 17:52 ` Sumit Garg
2016-06-17 3:52 ` Simon Glass
2016-07-26 20:20 ` york sun
2016-06-14 17:52 ` [U-Boot] [PATCH 2/4] SECURE_BOOT: Enable chain of trust in SPL framework Sumit Garg
` (2 subsequent siblings)
3 siblings, 2 replies; 15+ messages in thread
From: Sumit Garg @ 2016-06-14 17:52 UTC (permalink / raw)
To: u-boot
Enable rsa signature verification in SPL framework before relocation for
verification of main u-boot.
Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
---
drivers/crypto/fsl/fsl_rsa.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/crypto/fsl/fsl_rsa.c b/drivers/crypto/fsl/fsl_rsa.c
index cf1c4c1..5471504 100644
--- a/drivers/crypto/fsl/fsl_rsa.c
+++ b/drivers/crypto/fsl/fsl_rsa.c
@@ -53,6 +53,7 @@ U_BOOT_DRIVER(fsl_rsa_mod_exp) = {
.name = "fsl_rsa_mod_exp",
.id = UCLASS_MOD_EXP,
.ops = &fsl_mod_exp_ops,
+ .flags = DM_FLAG_PRE_RELOC,
};
U_BOOT_DEVICE(fsl_rsa) = {
--
1.8.1.4
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [U-Boot] [PATCH 2/4] SECURE_BOOT: Enable chain of trust in SPL framework
2016-06-14 17:52 [U-Boot] [PATCH 0/4] Add SECURE BOOT support in SPL framework Sumit Garg
2016-06-14 17:52 ` [U-Boot] [PATCH 1/4] DM: crypto/fsl: Enable rsa DM driver usage before relocation Sumit Garg
@ 2016-06-14 17:52 ` Sumit Garg
2016-06-17 3:52 ` Simon Glass
` (2 more replies)
2016-06-14 17:52 ` [U-Boot] [PATCH 3/4] SECURE_BOOT: Enable SD as a source for bootscript Sumit Garg
2016-06-14 17:52 ` [U-Boot] [PATCH 4/4] arm: ls1021atwr: Add SD secure boot target Sumit Garg
3 siblings, 3 replies; 15+ messages in thread
From: Sumit Garg @ 2016-06-14 17:52 UTC (permalink / raw)
To: u-boot
Override jump_to_image_no_args function to include validation of
u-boot image using spl_validate_uboot before jumping to u-boot image.
Also define macros in SPL framework to enable crypto operations.
Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
---
arch/arm/include/asm/fsl_secure_boot.h | 25 +++++++++++++++++++--
board/freescale/common/fsl_chain_of_trust.c | 34 ++++++++++++++++++++++++++++-
2 files changed, 56 insertions(+), 3 deletions(-)
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index 53cd755..3f76c9a 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -17,8 +17,6 @@
#ifdef CONFIG_CHAIN_OF_TRUST
#define CONFIG_CMD_ESBC_VALIDATE
-#define CONFIG_CMD_BLOB
-#define CONFIG_CMD_HASH
#define CONFIG_FSL_SEC_MON
#define CONFIG_SHA_HW_ACCEL
#define CONFIG_SHA_PROG_HW_ACCEL
@@ -28,6 +26,28 @@
#define CONFIG_FSL_CAAM
#endif
+#ifdef CONFIG_SPL_BUILD
+#define CONFIG_SPL_BOARD_INIT
+#define CONFIG_SPL_DM 1
+#define CONFIG_SPL_CRYPTO_SUPPORT
+#define CONFIG_SPL_HASH_SUPPORT
+#define CONFIG_SPL_RSA
+#define CONFIG_SPL_DRIVERS_MISC_SUPPORT
+/*
+ * Define the key hash for U-Boot here if public/private key pair used to
+ * sign U-boot are different from the SRK hash put in the fuse
+ * Example of defining KEY_HASH is
+ * #define CONFIG_SPL_UBOOT_KEY_HASH \
+ * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
+ * else leave it defined as NULL
+ */
+
+#define CONFIG_SPL_UBOOT_KEY_HASH NULL
+#endif /* ifdef CONFIG_SPL_BUILD */
+
+#ifndef CONFIG_SPL_BUILD
+#define CONFIG_CMD_BLOB
+#define CONFIG_CMD_HASH
#define CONFIG_KEY_REVOCATION
#ifndef CONFIG_SYS_RAMBOOT
/* The key used for verification of next level images
@@ -92,5 +112,6 @@
#endif
#include <config_fsl_chain_trust.h>
+#endif /* #ifndef CONFIG_SPL_BUILD */
#endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
#endif
diff --git a/board/freescale/common/fsl_chain_of_trust.c b/board/freescale/common/fsl_chain_of_trust.c
index 7bf9827..0f5ec35 100644
--- a/board/freescale/common/fsl_chain_of_trust.c
+++ b/board/freescale/common/fsl_chain_of_trust.c
@@ -10,6 +10,10 @@
#include <fsl_sfp.h>
#include <dm/root.h>
+#if defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_FRAMEWORK)
+#include <spl.h>
+#endif
+
#ifdef CONFIG_ADDR_MAP
#include <asm/mmu.h>
#endif
@@ -113,7 +117,7 @@ void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr)
* do not use common SPL framework, so need to call this function here.
*/
#if defined(CONFIG_SPL_DM) && (!defined(CONFIG_SPL_FRAMEWORK))
- dm_init_and_scan(false);
+ dm_init_and_scan(true);
#endif
res = fsl_secboot_validate(hdr_addr, CONFIG_SPL_UBOOT_KEY_HASH,
&img_addr);
@@ -121,4 +125,32 @@ void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr)
if (res == 0)
printf("SPL: Validation of U-boot successful\n");
}
+
+#ifdef CONFIG_SPL_FRAMEWORK
+/* Override weak funtion defined in SPL framework to enable validation
+ * of main u-boot image before jumping to u-boot image.
+ */
+void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image)
+{
+ typedef void __noreturn (*image_entry_noargs_t)(void);
+ uint32_t hdr_addr;
+
+ image_entry_noargs_t image_entry =
+ (image_entry_noargs_t)(unsigned long)spl_image->entry_point;
+
+ hdr_addr = (spl_image->entry_point + spl_image->size -
+ CONFIG_U_BOOT_HDR_SIZE);
+ spl_validate_uboot(hdr_addr, (uintptr_t)spl_image->entry_point);
+ /*
+ * In case of failure in validation, spl_validate_uboot would
+ * not return back in case of Production environment with ITS=1.
+ * Thus U-Boot will not start.
+ * In Development environment (ITS=0 and SB_EN=1), the function
+ * may return back in case of non-fatal failures.
+ */
+
+ debug("image entry point: 0x%X\n", spl_image->entry_point);
+ image_entry();
+}
+#endif /* ifdef CONFIG_SPL_FRAMEWORK */
#endif /* ifdef CONFIG_SPL_BUILD */
--
1.8.1.4
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [U-Boot] [PATCH 3/4] SECURE_BOOT: Enable SD as a source for bootscript
2016-06-14 17:52 [U-Boot] [PATCH 0/4] Add SECURE BOOT support in SPL framework Sumit Garg
2016-06-14 17:52 ` [U-Boot] [PATCH 1/4] DM: crypto/fsl: Enable rsa DM driver usage before relocation Sumit Garg
2016-06-14 17:52 ` [U-Boot] [PATCH 2/4] SECURE_BOOT: Enable chain of trust in SPL framework Sumit Garg
@ 2016-06-14 17:52 ` Sumit Garg
2016-06-17 3:52 ` Simon Glass
2016-07-26 20:20 ` york sun
2016-06-14 17:52 ` [U-Boot] [PATCH 4/4] arm: ls1021atwr: Add SD secure boot target Sumit Garg
3 siblings, 2 replies; 15+ messages in thread
From: Sumit Garg @ 2016-06-14 17:52 UTC (permalink / raw)
To: u-boot
Add support for reading bootscript and bootscript header from SD. Also
renamed macros *_FLASH to *_DEVICE to represent SD alongwith NAND and
NOR flash.
Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
---
arch/arm/include/asm/fsl_secure_boot.h | 43 ++++++++++++++++++++----------
arch/powerpc/include/asm/fsl_secure_boot.h | 4 +--
include/config_fsl_chain_trust.h | 18 ++++++++-----
3 files changed, 42 insertions(+), 23 deletions(-)
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index 3f76c9a..b35c271 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -78,37 +78,52 @@
"setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';"
#else
#define CONFIG_EXTRA_ENV \
- "setenv fdt_high 0xcfffffff;" \
- "setenv initrd_high 0xcfffffff;" \
+ "setenv fdt_high 0xffffffff;" \
+ "setenv initrd_high 0xffffffff;" \
"setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';"
#endif
/* Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from
* Non-XIP Memory (Nand/SD)*/
-#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_LS2080A)
+#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_LS2080A) || \
+ defined(CONFIG_SD_BOOT)
#define CONFIG_BOOTSCRIPT_COPY_RAM
#endif
-/* The address needs to be modified according to NOR and DDR memory map */
+/* The address needs to be modified according to NOR, NAND, SD and
+ * DDR memory map
+ */
#ifdef CONFIG_LS2080A
-#define CONFIG_BS_HDR_ADDR_FLASH 0x583920000
-#define CONFIG_BS_ADDR_FLASH 0x583900000
+#define CONFIG_BS_HDR_ADDR_DEVICE 0x583920000
+#define CONFIG_BS_ADDR_DEVICE 0x583900000
#define CONFIG_BS_HDR_ADDR_RAM 0xa3920000
#define CONFIG_BS_ADDR_RAM 0xa3900000
+#define CONFIG_BS_HDR_SIZE 0x00002000
+#define CONFIG_BS_SIZE 0x00001000
+#else
+#ifdef CONFIG_SD_BOOT
+/* For SD boot address and size are assigned in terms of sector
+ * offset and no. of sectors respectively.
+ */
+#define CONFIG_BS_HDR_ADDR_DEVICE 0x00000800
+#define CONFIG_BS_ADDR_DEVICE 0x00000840
+#define CONFIG_BS_HDR_SIZE 0x00000010
+#define CONFIG_BS_SIZE 0x00000008
#else
-#define CONFIG_BS_HDR_ADDR_FLASH 0x600a0000
-#define CONFIG_BS_ADDR_FLASH 0x60060000
-#define CONFIG_BS_HDR_ADDR_RAM 0xa0060000
-#define CONFIG_BS_ADDR_RAM 0xa0060000
+#define CONFIG_BS_HDR_ADDR_DEVICE 0x600a0000
+#define CONFIG_BS_ADDR_DEVICE 0x60060000
+#define CONFIG_BS_HDR_SIZE 0x00002000
+#define CONFIG_BS_SIZE 0x00001000
+#endif /* #ifdef CONFIG_SD_BOOT */
+#define CONFIG_BS_HDR_ADDR_RAM 0x81000000
+#define CONFIG_BS_ADDR_RAM 0x81020000
#endif
#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
#define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_RAM
-#define CONFIG_BS_HDR_SIZE 0x00002000
#define CONFIG_BOOTSCRIPT_ADDR CONFIG_BS_ADDR_RAM
-#define CONFIG_BS_SIZE 0x00001000
#else
-#define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_FLASH
-/* BS_HDR_SIZE, BOOTSCRIPT_ADDR and BS_SIZE are not required */
+#define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_DEVICE
+/* BOOTSCRIPT_ADDR is not required */
#endif
#include <config_fsl_chain_trust.h>
diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h
index 2435cf8..7c39bdd 100644
--- a/arch/powerpc/include/asm/fsl_secure_boot.h
+++ b/arch/powerpc/include/asm/fsl_secure_boot.h
@@ -127,10 +127,10 @@
/* If Boot Script is not on NOR and is required to be copied on RAM */
#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
#define CONFIG_BS_HDR_ADDR_RAM 0x00010000
-#define CONFIG_BS_HDR_ADDR_FLASH 0x00800000
+#define CONFIG_BS_HDR_ADDR_DEVICE 0x00800000
#define CONFIG_BS_HDR_SIZE 0x00002000
#define CONFIG_BS_ADDR_RAM 0x00012000
-#define CONFIG_BS_ADDR_FLASH 0x00802000
+#define CONFIG_BS_ADDR_DEVICE 0x00802000
#define CONFIG_BS_SIZE 0x00001000
#define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_RAM
diff --git a/include/config_fsl_chain_trust.h b/include/config_fsl_chain_trust.h
index 566fd80..eb45e98 100644
--- a/include/config_fsl_chain_trust.h
+++ b/include/config_fsl_chain_trust.h
@@ -74,23 +74,27 @@
#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
#define CONFIG_BS_COPY_ENV \
"setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \
- "setenv bs_hdr_flash " __stringify(CONFIG_BS_HDR_ADDR_FLASH)";" \
+ "setenv bs_hdr_device " __stringify(CONFIG_BS_HDR_ADDR_DEVICE)";" \
"setenv bs_hdr_size " __stringify(CONFIG_BS_HDR_SIZE)";" \
"setenv bs_ram " __stringify(CONFIG_BS_ADDR_RAM)";" \
- "setenv bs_flash " __stringify(CONFIG_BS_ADDR_FLASH)";" \
+ "setenv bs_device " __stringify(CONFIG_BS_ADDR_DEVICE)";" \
"setenv bs_size " __stringify(CONFIG_BS_SIZE)";"
/* For secure boot flow, default environment used will be used */
#if defined(CONFIG_SYS_RAMBOOT)
#if defined(CONFIG_RAMBOOT_NAND)
#define CONFIG_BS_COPY_CMD \
- "nand read $bs_hdr_ram $bs_hdr_flash $bs_hdr_size ;" \
- "nand read $bs_ram $bs_flash $bs_size ;"
+ "nand read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
+ "nand read $bs_ram $bs_device $bs_size ;"
#endif /* CONFIG_RAMBOOT_NAND */
-#else
+#elif defined(CONFIG_SD_BOOT)
+#define CONFIG_BS_COPY_CMD \
+ "mmc read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
+ "mmc read $bs_ram $bs_device $bs_size ;"
+#else /* CONFIG_SD_BOOT */
#define CONFIG_BS_COPY_CMD \
- "cp.b $bs_hdr_flash $bs_hdr_ram $bs_hdr_size ;" \
- "cp.b $bs_flash $bs_ram $bs_size ;"
+ "cp.b $bs_hdr_device $bs_hdr_ram $bs_hdr_size ;" \
+ "cp.b $bs_device $bs_ram $bs_size ;"
#endif
#endif /* CONFIG_BOOTSCRIPT_COPY_RAM */
--
1.8.1.4
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [U-Boot] [PATCH 4/4] arm: ls1021atwr: Add SD secure boot target
2016-06-14 17:52 [U-Boot] [PATCH 0/4] Add SECURE BOOT support in SPL framework Sumit Garg
` (2 preceding siblings ...)
2016-06-14 17:52 ` [U-Boot] [PATCH 3/4] SECURE_BOOT: Enable SD as a source for bootscript Sumit Garg
@ 2016-06-14 17:52 ` Sumit Garg
2016-06-17 3:52 ` Simon Glass
2016-07-26 20:20 ` york sun
3 siblings, 2 replies; 15+ messages in thread
From: Sumit Garg @ 2016-06-14 17:52 UTC (permalink / raw)
To: u-boot
Add SD secure boot target for ls1021atwr.
Implement board specific spl_board_init() to setup CAAM stream ID and
corresponding stream ID in SMMU. Change the u-boot size defined by a
macro for copying the main U-Boot by SPL to also include the u-boot
Secure Boot header size as header is appended to u-boot image. So header
will also be copied from SD to DDR.
Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
---
board/freescale/ls1021atwr/ls1021atwr.c | 7 +++++
.../ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig | 31 ++++++++++++++++++++++
include/configs/ls1021atwr.h | 22 +++++++++++++++
3 files changed, 60 insertions(+)
create mode 100644 configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig
diff --git a/board/freescale/ls1021atwr/ls1021atwr.c b/board/freescale/ls1021atwr/ls1021atwr.c
index c69c9cb..77482a9 100644
--- a/board/freescale/ls1021atwr/ls1021atwr.c
+++ b/board/freescale/ls1021atwr/ls1021atwr.c
@@ -503,6 +503,13 @@ int board_init(void)
return 0;
}
+#if defined(CONFIG_SPL_BUILD)
+void spl_board_init(void)
+{
+ ls102xa_smmu_stream_id_init();
+}
+#endif
+
#ifdef CONFIG_BOARD_LATE_INIT
int board_late_init(void)
{
diff --git a/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig b/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig
new file mode 100644
index 0000000..c735d6d
--- /dev/null
+++ b/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig
@@ -0,0 +1,31 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS1021ATWR=y
+CONFIG_SPL=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_SYS_EXTRA_OPTIONS="RAMBOOT_PBL,SPL_FSL_PBL,SD_BOOT,SECURE_BOOT"
+CONFIG_BOOTDELAY=0
+CONFIG_HUSH_PARSER=y
+CONFIG_CMD_BOOTZ=y
+CONFIG_CMD_GREPENV=y
+CONFIG_CMD_MEMTEST=y
+CONFIG_CMD_MEMINFO=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_USB=y
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_MII=y
+CONFIG_CMD_PING=y
+CONFIG_CMD_EXT2=y
+CONFIG_CMD_FAT=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_SYS_NS16550=y
+CONFIG_USB=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_XHCI_DWC3=y
+CONFIG_OF_LIBFDT=y
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_RSA=y
+CONFIG_DM=y
diff --git a/include/configs/ls1021atwr.h b/include/configs/ls1021atwr.h
index 0fb28ef..7f14851 100644
--- a/include/configs/ls1021atwr.h
+++ b/include/configs/ls1021atwr.h
@@ -123,7 +123,18 @@
#define CONFIG_SPL_SERIAL_SUPPORT
#define CONFIG_SPL_MMC_SUPPORT
#define CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR 0xe8
+
+#ifdef CONFIG_SECURE_BOOT
+#define CONFIG_U_BOOT_HDR_SIZE (16 << 10)
+/*
+ * HDR would be appended at end of image and copied to DDR along
+ * with U-Boot image.
+ */
+#define CONFIG_SYS_U_BOOT_MAX_SIZE_SECTORS (0x400 + \
+ (CONFIG_U_BOOT_HDR_SIZE / 512)
+#else
#define CONFIG_SYS_U_BOOT_MAX_SIZE_SECTORS 0x400
+#endif /* ifdef CONFIG_SECURE_BOOT */
#define CONFIG_SPL_TEXT_BASE 0x10000000
#define CONFIG_SPL_MAX_SIZE 0x1a000
@@ -136,7 +147,18 @@
#define CONFIG_SYS_SPL_MALLOC_SIZE 0x100000
#define CONFIG_SPL_BSS_START_ADDR 0x80100000
#define CONFIG_SPL_BSS_MAX_SIZE 0x80000
+
+#ifdef CONFIG_U_BOOT_HDR_SIZE
+/*
+ * HDR would be appended@end of image and copied to DDR along
+ * with U-Boot image. Here u-boot max. size is 512K. So if binary
+ * size increases then increase this size in case of secure boot as
+ * it uses raw u-boot image instead of fit image.
+ */
+#define CONFIG_SYS_MONITOR_LEN (0x80000 + CONFIG_U_BOOT_HDR_SIZE)
+#else
#define CONFIG_SYS_MONITOR_LEN 0x80000
+#endif /* ifdef CONFIG_U_BOOT_HDR_SIZE */
#endif
#ifdef CONFIG_QSPI_BOOT
--
1.8.1.4
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [U-Boot] [PATCH 2/4] SECURE_BOOT: Enable chain of trust in SPL framework
2016-06-14 17:52 ` [U-Boot] [PATCH 2/4] SECURE_BOOT: Enable chain of trust in SPL framework Sumit Garg
@ 2016-06-17 3:52 ` Simon Glass
2016-07-19 21:37 ` york sun
2016-07-26 20:20 ` york sun
2 siblings, 0 replies; 15+ messages in thread
From: Simon Glass @ 2016-06-17 3:52 UTC (permalink / raw)
To: u-boot
On 14 June 2016 at 11:52, Sumit Garg <sumit.garg@nxp.com> wrote:
> Override jump_to_image_no_args function to include validation of
> u-boot image using spl_validate_uboot before jumping to u-boot image.
> Also define macros in SPL framework to enable crypto operations.
>
> Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com>
> Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
> ---
> arch/arm/include/asm/fsl_secure_boot.h | 25 +++++++++++++++++++--
> board/freescale/common/fsl_chain_of_trust.c | 34 ++++++++++++++++++++++++++++-
> 2 files changed, 56 insertions(+), 3 deletions(-)
Reviewed-by: Simon Glass <sjg@chromium.org>
^ permalink raw reply [flat|nested] 15+ messages in thread
* [U-Boot] [PATCH 3/4] SECURE_BOOT: Enable SD as a source for bootscript
2016-06-14 17:52 ` [U-Boot] [PATCH 3/4] SECURE_BOOT: Enable SD as a source for bootscript Sumit Garg
@ 2016-06-17 3:52 ` Simon Glass
2016-07-26 20:20 ` york sun
1 sibling, 0 replies; 15+ messages in thread
From: Simon Glass @ 2016-06-17 3:52 UTC (permalink / raw)
To: u-boot
On 14 June 2016 at 11:52, Sumit Garg <sumit.garg@nxp.com> wrote:
> Add support for reading bootscript and bootscript header from SD. Also
> renamed macros *_FLASH to *_DEVICE to represent SD alongwith NAND and
> NOR flash.
>
> Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com>
> Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
> ---
> arch/arm/include/asm/fsl_secure_boot.h | 43 ++++++++++++++++++++----------
> arch/powerpc/include/asm/fsl_secure_boot.h | 4 +--
> include/config_fsl_chain_trust.h | 18 ++++++++-----
> 3 files changed, 42 insertions(+), 23 deletions(-)
Reviewed-by: Simon Glass <sjg@chromium.org>
^ permalink raw reply [flat|nested] 15+ messages in thread
* [U-Boot] [PATCH 1/4] DM: crypto/fsl: Enable rsa DM driver usage before relocation
2016-06-14 17:52 ` [U-Boot] [PATCH 1/4] DM: crypto/fsl: Enable rsa DM driver usage before relocation Sumit Garg
@ 2016-06-17 3:52 ` Simon Glass
2016-07-26 20:20 ` york sun
1 sibling, 0 replies; 15+ messages in thread
From: Simon Glass @ 2016-06-17 3:52 UTC (permalink / raw)
To: u-boot
On 14 June 2016 at 11:52, Sumit Garg <sumit.garg@nxp.com> wrote:
> Enable rsa signature verification in SPL framework before relocation for
> verification of main u-boot.
>
> Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com>
> Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
> ---
> drivers/crypto/fsl/fsl_rsa.c | 1 +
> 1 file changed, 1 insertion(+)
Reviewed-by: Simon Glass <sjg@chromium.org>
^ permalink raw reply [flat|nested] 15+ messages in thread
* [U-Boot] [PATCH 4/4] arm: ls1021atwr: Add SD secure boot target
2016-06-14 17:52 ` [U-Boot] [PATCH 4/4] arm: ls1021atwr: Add SD secure boot target Sumit Garg
@ 2016-06-17 3:52 ` Simon Glass
2016-07-26 20:20 ` york sun
1 sibling, 0 replies; 15+ messages in thread
From: Simon Glass @ 2016-06-17 3:52 UTC (permalink / raw)
To: u-boot
On 14 June 2016 at 11:52, Sumit Garg <sumit.garg@nxp.com> wrote:
> Add SD secure boot target for ls1021atwr.
> Implement board specific spl_board_init() to setup CAAM stream ID and
> corresponding stream ID in SMMU. Change the u-boot size defined by a
> macro for copying the main U-Boot by SPL to also include the u-boot
> Secure Boot header size as header is appended to u-boot image. So header
> will also be copied from SD to DDR.
>
> Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com>
> Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
> ---
> board/freescale/ls1021atwr/ls1021atwr.c | 7 +++++
> .../ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig | 31 ++++++++++++++++++++++
> include/configs/ls1021atwr.h | 22 +++++++++++++++
> 3 files changed, 60 insertions(+)
> create mode 100644 configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig
Reviewed-by: Simon Glass <sjg@chromium.org>
^ permalink raw reply [flat|nested] 15+ messages in thread
* [U-Boot] [PATCH 2/4] SECURE_BOOT: Enable chain of trust in SPL framework
2016-06-14 17:52 ` [U-Boot] [PATCH 2/4] SECURE_BOOT: Enable chain of trust in SPL framework Sumit Garg
2016-06-17 3:52 ` Simon Glass
@ 2016-07-19 21:37 ` york sun
2016-07-20 4:59 ` Sumit Garg
2016-07-26 20:20 ` york sun
2 siblings, 1 reply; 15+ messages in thread
From: york sun @ 2016-07-19 21:37 UTC (permalink / raw)
To: u-boot
On 06/14/2016 04:36 AM, Sumit Garg wrote:
> Override jump_to_image_no_args function to include validation of
> u-boot image using spl_validate_uboot before jumping to u-boot image.
> Also define macros in SPL framework to enable crypto operations.
>
> Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com>
> Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
> ---
> arch/arm/include/asm/fsl_secure_boot.h | 25 +++++++++++++++++++--
> board/freescale/common/fsl_chain_of_trust.c | 34 ++++++++++++++++++++++++++++-
> 2 files changed, 56 insertions(+), 3 deletions(-)
<snip>
> diff --git a/board/freescale/common/fsl_chain_of_trust.c b/board/freescale/common/fsl_chain_of_trust.c
> index 7bf9827..0f5ec35 100644
> --- a/board/freescale/common/fsl_chain_of_trust.c
> +++ b/board/freescale/common/fsl_chain_of_trust.c
> @@ -10,6 +10,10 @@
> #include <fsl_sfp.h>
> #include <dm/root.h>
>
> +#if defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_FRAMEWORK)
> +#include <spl.h>
> +#endif
> +
> #ifdef CONFIG_ADDR_MAP
> #include <asm/mmu.h>
> #endif
Sumit,
Does this patch depend on another patch? It doesn't apply cleanly. I
wonder if you have something else in your local branch.
York
^ permalink raw reply [flat|nested] 15+ messages in thread
* [U-Boot] [PATCH 2/4] SECURE_BOOT: Enable chain of trust in SPL framework
2016-07-19 21:37 ` york sun
@ 2016-07-20 4:59 ` Sumit Garg
0 siblings, 0 replies; 15+ messages in thread
From: Sumit Garg @ 2016-07-20 4:59 UTC (permalink / raw)
To: u-boot
> -----Original Message-----
> From: york sun
> Sent: Wednesday, July 20, 2016 3:08 AM
> To: Sumit Garg <sumit.garg@nxp.com>; u-boot at lists.denx.de
> Cc: Ruchika Gupta <ruchika.gupta@nxp.com>; Prabhakar Kushwaha
> <prabhakar.kushwaha@nxp.com>; trini at konsulko.com;
> teddy.reed at gmail.com; sjg at chromium.org; dannenberg at ti.com; Aneesh
> Bansal <aneesh.bansal@nxp.com>
> Subject: Re: [PATCH 2/4] SECURE_BOOT: Enable chain of trust in SPL framework
>
> On 06/14/2016 04:36 AM, Sumit Garg wrote:
> > Override jump_to_image_no_args function to include validation of
> > u-boot image using spl_validate_uboot before jumping to u-boot image.
> > Also define macros in SPL framework to enable crypto operations.
> >
> > Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com>
> > Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
> > ---
> > arch/arm/include/asm/fsl_secure_boot.h | 25 +++++++++++++++++++--
> > board/freescale/common/fsl_chain_of_trust.c | 34
> > ++++++++++++++++++++++++++++-
> > 2 files changed, 56 insertions(+), 3 deletions(-)
>
>
> <snip>
>
> > diff --git a/board/freescale/common/fsl_chain_of_trust.c
> > b/board/freescale/common/fsl_chain_of_trust.c
> > index 7bf9827..0f5ec35 100644
> > --- a/board/freescale/common/fsl_chain_of_trust.c
> > +++ b/board/freescale/common/fsl_chain_of_trust.c
> > @@ -10,6 +10,10 @@
> > #include <fsl_sfp.h>
> > #include <dm/root.h>
> >
> > +#if defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_FRAMEWORK)
> > +#include <spl.h> #endif
> > +
> > #ifdef CONFIG_ADDR_MAP
> > #include <asm/mmu.h>
> > #endif
>
> Sumit,
>
> Does this patch depend on another patch? It doesn't apply cleanly. I wonder if
> you have something else in your local branch.
>
> York
This series of patches is in continuation to [1], [2] and [3]. Please apply [1], [2] and [3] before applying this patch series.
Regards,
Sumit
[1] https://patchwork.ozlabs.org/patch/648297/
[2] https://patchwork.ozlabs.org/patch/648298/
[3] https://patchwork.ozlabs.org/patch/648303/
^ permalink raw reply [flat|nested] 15+ messages in thread
* [U-Boot] [PATCH 1/4] DM: crypto/fsl: Enable rsa DM driver usage before relocation
2016-06-14 17:52 ` [U-Boot] [PATCH 1/4] DM: crypto/fsl: Enable rsa DM driver usage before relocation Sumit Garg
2016-06-17 3:52 ` Simon Glass
@ 2016-07-26 20:20 ` york sun
1 sibling, 0 replies; 15+ messages in thread
From: york sun @ 2016-07-26 20:20 UTC (permalink / raw)
To: u-boot
On 06/14/2016 04:36 AM, Sumit Garg wrote:
> Enable rsa signature verification in SPL framework before relocation for
> verification of main u-boot.
>
> Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com>
> Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
> ---
> drivers/crypto/fsl/fsl_rsa.c | 1 +
> 1 file changed, 1 insertion(+)
>
Applied to fsl-qoriq master. Awaiting upstream.
Thanks.
York
^ permalink raw reply [flat|nested] 15+ messages in thread
* [U-Boot] [PATCH 2/4] SECURE_BOOT: Enable chain of trust in SPL framework
2016-06-14 17:52 ` [U-Boot] [PATCH 2/4] SECURE_BOOT: Enable chain of trust in SPL framework Sumit Garg
2016-06-17 3:52 ` Simon Glass
2016-07-19 21:37 ` york sun
@ 2016-07-26 20:20 ` york sun
2 siblings, 0 replies; 15+ messages in thread
From: york sun @ 2016-07-26 20:20 UTC (permalink / raw)
To: u-boot
On 06/14/2016 04:36 AM, Sumit Garg wrote:
> Override jump_to_image_no_args function to include validation of
> u-boot image using spl_validate_uboot before jumping to u-boot image.
> Also define macros in SPL framework to enable crypto operations.
>
> Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com>
> Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
> ---
> arch/arm/include/asm/fsl_secure_boot.h | 25 +++++++++++++++++++--
> board/freescale/common/fsl_chain_of_trust.c | 34 ++++++++++++++++++++++++++++-
> 2 files changed, 56 insertions(+), 3 deletions(-)
Applied to fsl-qoriq master. Awaiting upstream.
Thanks.
York
^ permalink raw reply [flat|nested] 15+ messages in thread
* [U-Boot] [PATCH 3/4] SECURE_BOOT: Enable SD as a source for bootscript
2016-06-14 17:52 ` [U-Boot] [PATCH 3/4] SECURE_BOOT: Enable SD as a source for bootscript Sumit Garg
2016-06-17 3:52 ` Simon Glass
@ 2016-07-26 20:20 ` york sun
1 sibling, 0 replies; 15+ messages in thread
From: york sun @ 2016-07-26 20:20 UTC (permalink / raw)
To: u-boot
On 06/14/2016 04:36 AM, Sumit Garg wrote:
> Add support for reading bootscript and bootscript header from SD. Also
> renamed macros *_FLASH to *_DEVICE to represent SD alongwith NAND and
> NOR flash.
>
> Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com>
> Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
> ---
> arch/arm/include/asm/fsl_secure_boot.h | 43 ++++++++++++++++++++----------
> arch/powerpc/include/asm/fsl_secure_boot.h | 4 +--
> include/config_fsl_chain_trust.h | 18 ++++++++-----
> 3 files changed, 42 insertions(+), 23 deletions(-)
>
Applied to fsl-qoriq master. Awaiting upstream.
Thanks.
York
^ permalink raw reply [flat|nested] 15+ messages in thread
* [U-Boot] [PATCH 4/4] arm: ls1021atwr: Add SD secure boot target
2016-06-14 17:52 ` [U-Boot] [PATCH 4/4] arm: ls1021atwr: Add SD secure boot target Sumit Garg
2016-06-17 3:52 ` Simon Glass
@ 2016-07-26 20:20 ` york sun
1 sibling, 0 replies; 15+ messages in thread
From: york sun @ 2016-07-26 20:20 UTC (permalink / raw)
To: u-boot
On 06/14/2016 04:37 AM, Sumit Garg wrote:
> Add SD secure boot target for ls1021atwr.
> Implement board specific spl_board_init() to setup CAAM stream ID and
> corresponding stream ID in SMMU. Change the u-boot size defined by a
> macro for copying the main U-Boot by SPL to also include the u-boot
> Secure Boot header size as header is appended to u-boot image. So header
> will also be copied from SD to DDR.
>
> Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com>
> Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
> ---
> board/freescale/ls1021atwr/ls1021atwr.c | 7 +++++
> .../ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig | 31 ++++++++++++++++++++++
> include/configs/ls1021atwr.h | 22 +++++++++++++++
> 3 files changed, 60 insertions(+)
> create mode 100644 configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig
>
Applied to fsl-qoriq master. Awaiting upstream.
Thanks.
York
^ permalink raw reply [flat|nested] 15+ messages in thread
end of thread, other threads:[~2016-07-26 20:20 UTC | newest]
Thread overview: 15+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-06-14 17:52 [U-Boot] [PATCH 0/4] Add SECURE BOOT support in SPL framework Sumit Garg
2016-06-14 17:52 ` [U-Boot] [PATCH 1/4] DM: crypto/fsl: Enable rsa DM driver usage before relocation Sumit Garg
2016-06-17 3:52 ` Simon Glass
2016-07-26 20:20 ` york sun
2016-06-14 17:52 ` [U-Boot] [PATCH 2/4] SECURE_BOOT: Enable chain of trust in SPL framework Sumit Garg
2016-06-17 3:52 ` Simon Glass
2016-07-19 21:37 ` york sun
2016-07-20 4:59 ` Sumit Garg
2016-07-26 20:20 ` york sun
2016-06-14 17:52 ` [U-Boot] [PATCH 3/4] SECURE_BOOT: Enable SD as a source for bootscript Sumit Garg
2016-06-17 3:52 ` Simon Glass
2016-07-26 20:20 ` york sun
2016-06-14 17:52 ` [U-Boot] [PATCH 4/4] arm: ls1021atwr: Add SD secure boot target Sumit Garg
2016-06-17 3:52 ` Simon Glass
2016-07-26 20:20 ` york sun
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.