* [U-Boot] [PATCH 0/3] SECURE Boot targets for NAND and SD on LS1043, LS1046
@ 2017-02-20 20:37 Ruchika Gupta
2017-02-20 20:37 ` [U-Boot] [PATCH 1/3] arm: ls1043ardb: Add SD secure boot target Ruchika Gupta
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Ruchika Gupta @ 2017-02-20 20:37 UTC (permalink / raw)
To: u-boot
Ruchika Gupta (3):
arm: ls1043ardb: Add SD secure boot target
arm: ls1043ardb: Add NAND secure boot target
arm: ls1046ardb: Add SD secure boot target
arch/arm/include/asm/fsl_secure_boot.h | 16 +++++--
board/freescale/common/fsl_validate.c | 4 ++
board/freescale/ls1043ardb/ls1043ardb.c | 20 +++++++++
board/freescale/ls1046ardb/ls1046ardb.c | 19 +++++++++
configs/ls1043ardb_nand_SECURE_BOOT_defconfig | 57 +++++++++++++++++++++++++
configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig | 57 +++++++++++++++++++++++++
configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig | 45 +++++++++++++++++++
include/config_fsl_chain_trust.h | 9 ++--
include/configs/ls1043a_common.h | 34 +++++++++++++--
include/configs/ls1043ardb.h | 2 +-
include/configs/ls1046a_common.h | 17 ++++++--
include/configs/ls1046ardb.h | 1 -
12 files changed, 266 insertions(+), 15 deletions(-)
create mode 100644 configs/ls1043ardb_nand_SECURE_BOOT_defconfig
create mode 100644 configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
create mode 100644 configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig
--
The patchset is dependent on the following patches:
https://patchwork.ozlabs.org/patch/717614/
http://patchwork.ozlabs.org/patch/724332/
http://patchwork.ozlabs.org/patch/729932/
http://patchwork.ozlabs.org/patch/729980/
1.9.1
^ permalink raw reply [flat|nested] 4+ messages in thread
* [U-Boot] [PATCH 1/3] arm: ls1043ardb: Add SD secure boot target
2017-02-20 20:37 [U-Boot] [PATCH 0/3] SECURE Boot targets for NAND and SD on LS1043, LS1046 Ruchika Gupta
@ 2017-02-20 20:37 ` Ruchika Gupta
2017-02-20 20:37 ` [U-Boot] [PATCH 2/3] arm: ls1043ardb: Add NAND " Ruchika Gupta
2017-02-20 20:37 ` [U-Boot] [PATCH 3/3] arm: ls1046ardb: Add SD " Ruchika Gupta
2 siblings, 0 replies; 4+ messages in thread
From: Ruchika Gupta @ 2017-02-20 20:37 UTC (permalink / raw)
To: u-boot
- Add SD secure boot target for ls1043ardb.
- Implement board specific spl_board_init() to setup CAAM stream ID and
corresponding stream ID in SMMU.
- Change the u-boot size defined by a macro for copying the main U-Boot by SPL
to also include the u-boot Secure Boot header size as header is appended to
u-boot image. So header will also be copied from SD to DDR.
- CONFIG_MAX_SPL_SIZE is limited to 90K.SPL is copied to OCRAM (128K) where 32K
are reserved for use by boot ROM and 6K for secure boto header
- Error messages during SPL boot are limited to error code numbers instead of strings
to reduce the size of SPL image
Signed-off-by: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
---
The patchset is dependent on the following patches:
https://patchwork.ozlabs.org/patch/717614/
http://patchwork.ozlabs.org/patch/724332/
http://patchwork.ozlabs.org/patch/729932/
http://patchwork.ozlabs.org/patch/729980/
arch/arm/include/asm/fsl_secure_boot.h | 9 +++-
board/freescale/common/fsl_validate.c | 4 ++
board/freescale/ls1043ardb/ls1043ardb.c | 19 +++++++++
configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig | 57 +++++++++++++++++++++++++
include/configs/ls1043a_common.h | 16 ++++++-
5 files changed, 101 insertions(+), 4 deletions(-)
create mode 100644 configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index 8d9de45..a1474eb 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -32,10 +32,11 @@
#define CONFIG_SPL_UBOOT_KEY_HASH NULL
#endif /* ifdef CONFIG_SPL_BUILD */
+#define CONFIG_KEY_REVOCATION
+
#ifndef CONFIG_SPL_BUILD
#define CONFIG_CMD_BLOB
#define CONFIG_CMD_HASH
-#define CONFIG_KEY_REVOCATION
#ifndef CONFIG_SYS_RAMBOOT
/* The key used for verification of next level images
* is picked up from an Extension Table which has
@@ -91,7 +92,11 @@
/* For SD boot address and size are assigned in terms of sector
* offset and no. of sectors respectively.
*/
-#define CONFIG_BS_HDR_ADDR_DEVICE 0x00000900
+#if defined(CONFIG_LS1043A)
+#define CONFIG_BS_HDR_ADDR_DEVICE 0x00000920
+#else
+#define CONFIG_BS_HDR_ADDR_DEVICE 0x00000900
+#endif
#define CONFIG_BS_ADDR_DEVICE 0x00000940
#define CONFIG_BS_HDR_SIZE 0x00000010
#define CONFIG_BS_SIZE 0x00000008
diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c
index 2b723a4..235c6ab 100644
--- a/board/freescale/common/fsl_validate.c
+++ b/board/freescale/common/fsl_validate.c
@@ -356,6 +356,7 @@ static void fsl_secboot_bootscript_parse_failure(void)
*/
void fsl_secboot_handle_error(int error)
{
+#ifndef CONFIG_SPL_BUILD
const struct fsl_secboot_errcode *e;
for (e = fsl_secboot_errcodes; e->errcode != ERROR_ESBC_CLIENT_MAX;
@@ -363,6 +364,9 @@ void fsl_secboot_handle_error(int error)
if (e->errcode == error)
printf("ERROR :: %x :: %s\n", error, e->name);
}
+#else
+ printf("ERROR :: %x\n", error);
+#endif
/* If Boot Mode is secure, transition the SNVS state and issue
* reset based on type of failure and ITS setting.
diff --git a/board/freescale/ls1043ardb/ls1043ardb.c b/board/freescale/ls1043ardb/ls1043ardb.c
index 5a76742..0b3840d 100644
--- a/board/freescale/ls1043ardb/ls1043ardb.c
+++ b/board/freescale/ls1043ardb/ls1043ardb.c
@@ -43,6 +43,25 @@ int board_early_init_f(void)
return 0;
}
+#if defined(CONFIG_SPL_BUILD)
+void spl_board_init(void)
+{
+#ifdef CONFIG_SECURE_BOOT
+ /*
+ * In case of Secure Boot, the IBR configures the SMMU
+ * to allow only Secure transactions.
+ * SMMU must be reset in bypass mode.
+ * Set the ClientPD bit and Clear the USFCFG Bit
+ */
+ u32 val;
+ val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK);
+ out_le32(SMMU_SCR0, val);
+ val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK);
+ out_le32(SMMU_NSCR0, val);
+#endif
+}
+#endif
+
#ifndef CONFIG_SPL_BUILD
int checkboard(void)
diff --git a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
new file mode 100644
index 0000000..3f35d64
--- /dev/null
+++ b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
@@ -0,0 +1,57 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS1043ARDB=y
+CONFIG_SPL_LIBCOMMON_SUPPORT=y
+CONFIG_SPL_LIBGENERIC_SUPPORT=y
+CONFIG_SPL_MMC_SUPPORT=y
+CONFIG_SPL_SERIAL_SUPPORT=y
+CONFIG_SPL_ENV_SUPPORT=y
+CONFIG_SPL_DRIVERS_MISC_SUPPORT=y
+CONFIG_SPL_WATCHDOG_SUPPORT=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1043a-rdb"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_SYS_EXTRA_OPTIONS="RAMBOOT_PBL,SPL_FSL_PBL,SD_BOOT"
+CONFIG_SECURE_BOOT=y
+CONFIG_SD_BOOT=y
+CONFIG_BOOTDELAY=10
+CONFIG_SPL=y
+CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
+CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x110
+CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y
+CONFIG_HUSH_PARSER=y
+CONFIG_CMD_GPT=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_USB=y
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_PXE=y
+CONFIG_CMD_MII=y
+CONFIG_CMD_PING=y
+CONFIG_CMD_CACHE=y
+CONFIG_CMD_EXT2=y
+CONFIG_CMD_FAT=y
+# CONFIG_SPL_EFI_PARTITION is not set
+CONFIG_OF_CONTROL=y
+CONFIG_DM=y
+CONFIG_SPL_DM=y
+CONFIG_MTD_NOR_FLASH=y
+CONFIG_SPI_FLASH=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_PCIE_LAYERSCAPE=y
+CONFIG_SYS_NS16550=y
+CONFIG_DM_SPI=y
+CONFIG_USB=y
+CONFIG_DM_USB=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_XHCI_DWC3=y
+CONFIG_USB_STORAGE=y
+CONFIG_RSA=y
+CONFIG_SPL_RSA=y
+CONFIG_SPL_CRYPTO_SUPPORT=y
+CONFIG_SPL_HASH_SUPPORT=y
diff --git a/include/configs/ls1043a_common.h b/include/configs/ls1043a_common.h
index e8ba031..70099f6 100644
--- a/include/configs/ls1043a_common.h
+++ b/include/configs/ls1043a_common.h
@@ -52,7 +52,7 @@
#define CONFIG_SPL_TARGET "u-boot-with-spl.bin"
#define CONFIG_SPL_TEXT_BASE 0x10000000
-#define CONFIG_SPL_MAX_SIZE 0x1d000
+#define CONFIG_SPL_MAX_SIZE 0x17000
#define CONFIG_SPL_STACK 0x1001e000
#define CONFIG_SPL_PAD_TO 0x1d000
@@ -61,7 +61,19 @@
#define CONFIG_SYS_SPL_MALLOC_SIZE 0x100000
#define CONFIG_SPL_BSS_START_ADDR 0x80100000
#define CONFIG_SPL_BSS_MAX_SIZE 0x80000
-#define CONFIG_SYS_MONITOR_LEN 0xa0000
+
+#ifdef CONFIG_SECURE_BOOT
+#define CONFIG_U_BOOT_HDR_SIZE (16 << 10)
+/*
+ * HDR would be appended@end of image and copied to DDR along
+ * with U-Boot image. Here u-boot max. size is 512K. So if binary
+ * size increases then increase this size in case of secure boot as
+ * it uses raw u-boot image instead of fit image.
+ */
+#define CONFIG_SYS_MONITOR_LEN (0x100000 + CONFIG_U_BOOT_HDR_SIZE)
+#else
+#define CONFIG_SYS_MONITOR_LEN 0x100000
+#endif /* ifdef CONFIG_SECURE_BOOT */
#endif
/* NAND SPL */
--
1.9.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [U-Boot] [PATCH 2/3] arm: ls1043ardb: Add NAND secure boot target
2017-02-20 20:37 [U-Boot] [PATCH 0/3] SECURE Boot targets for NAND and SD on LS1043, LS1046 Ruchika Gupta
2017-02-20 20:37 ` [U-Boot] [PATCH 1/3] arm: ls1043ardb: Add SD secure boot target Ruchika Gupta
@ 2017-02-20 20:37 ` Ruchika Gupta
2017-02-20 20:37 ` [U-Boot] [PATCH 3/3] arm: ls1046ardb: Add SD " Ruchika Gupta
2 siblings, 0 replies; 4+ messages in thread
From: Ruchika Gupta @ 2017-02-20 20:37 UTC (permalink / raw)
To: u-boot
Add NAND secure boot target for ls1043ardb.
- Change the u-boot size defined by a macro for copying the main
U-Boot by SPL to also include the u-boot Secure Boot header size as
header is appended to u-boot image. So header will also be copied from SD to DDR.
- MACRO for CONFIG_BOOTSCRIPT_COPY_RAM is enabled to copy Bootscript from NAND to
DDR. Offsets for Bootscript on NAND and DDR have been also defined.
Signed-off-by: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
---
The patchset is dependent on the following patches:
https://patchwork.ozlabs.org/patch/717614/
http://patchwork.ozlabs.org/patch/724332/
http://patchwork.ozlabs.org/patch/729932/
http://patchwork.ozlabs.org/patch/729980/
arch/arm/include/asm/fsl_secure_boot.h | 7 +++-
board/freescale/ls1043ardb/ls1043ardb.c | 1 +
configs/ls1043ardb_nand_SECURE_BOOT_defconfig | 57 +++++++++++++++++++++++++++
include/config_fsl_chain_trust.h | 9 +++--
include/configs/ls1043a_common.h | 18 ++++++++-
include/configs/ls1043ardb.h | 2 +-
6 files changed, 87 insertions(+), 7 deletions(-)
create mode 100644 configs/ls1043ardb_nand_SECURE_BOOT_defconfig
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index a1474eb..2f719c0 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -74,7 +74,7 @@
/* Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from
* Non-XIP Memory (Nand/SD)*/
#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_FSL_LSCH3) || \
- defined(CONFIG_SD_BOOT)
+ defined(CONFIG_SD_BOOT) || defined(CONFIG_NAND_BOOT)
#define CONFIG_BOOTSCRIPT_COPY_RAM
#endif
/* The address needs to be modified according to NOR, NAND, SD and
@@ -100,6 +100,11 @@
#define CONFIG_BS_ADDR_DEVICE 0x00000940
#define CONFIG_BS_HDR_SIZE 0x00000010
#define CONFIG_BS_SIZE 0x00000008
+#elif defined(CONFIG_NAND_BOOT)
+#define CONFIG_BS_HDR_ADDR_DEVICE 0x00800000
+#define CONFIG_BS_ADDR_DEVICE 0x00802000
+#define CONFIG_BS_HDR_SIZE 0x00002000
+#define CONFIG_BS_SIZE 0x00001000
#else
#define CONFIG_BS_HDR_ADDR_DEVICE 0x600a0000
#define CONFIG_BS_ADDR_DEVICE 0x60060000
diff --git a/board/freescale/ls1043ardb/ls1043ardb.c b/board/freescale/ls1043ardb/ls1043ardb.c
index 0b3840d..62ab749 100644
--- a/board/freescale/ls1043ardb/ls1043ardb.c
+++ b/board/freescale/ls1043ardb/ls1043ardb.c
@@ -58,6 +58,7 @@ void spl_board_init(void)
out_le32(SMMU_SCR0, val);
val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK);
out_le32(SMMU_NSCR0, val);
+ printf("Completed spl_board_init\n");
#endif
}
#endif
diff --git a/configs/ls1043ardb_nand_SECURE_BOOT_defconfig b/configs/ls1043ardb_nand_SECURE_BOOT_defconfig
new file mode 100644
index 0000000..66c89fa
--- /dev/null
+++ b/configs/ls1043ardb_nand_SECURE_BOOT_defconfig
@@ -0,0 +1,57 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS1043ARDB=y
+CONFIG_SPL_LIBCOMMON_SUPPORT=y
+CONFIG_SPL_LIBGENERIC_SUPPORT=y
+CONFIG_SPL_NAND_SUPPORT=y
+CONFIG_SPL_SERIAL_SUPPORT=y
+CONFIG_SPL_ENV_SUPPORT=y
+CONFIG_SPL_DRIVERS_MISC_SUPPORT=y
+CONFIG_SPL_WATCHDOG_SUPPORT=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1043a-rdb"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_SYS_EXTRA_OPTIONS="RAMBOOT_PBL,SPL_FSL_PBL,NAND_BOOT"
+CONFIG_NAND_BOOT=y
+CONFIG_SECURE_BOOT=y
+CONFIG_BOOTDELAY=10
+CONFIG_SPL=y
+CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
+CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0xf0
+CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y
+CONFIG_HUSH_PARSER=y
+CONFIG_CMD_GPT=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_USB=y
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_PXE=y
+CONFIG_CMD_MII=y
+CONFIG_CMD_PING=y
+CONFIG_CMD_CACHE=y
+CONFIG_CMD_EXT2=y
+CONFIG_CMD_FAT=y
+# CONFIG_SPL_EFI_PARTITION is not set
+CONFIG_OF_CONTROL=y
+CONFIG_DM=y
+CONFIG_SPL_DM=y
+CONFIG_MTD_NOR_FLASH=y
+CONFIG_SPI_FLASH=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_PCIE_LAYERSCAPE=y
+CONFIG_SYS_NS16550=y
+CONFIG_DM_SPI=y
+CONFIG_USB=y
+CONFIG_DM_USB=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_XHCI_DWC3=y
+CONFIG_USB_STORAGE=y
+CONFIG_RSA=y
+CONFIG_SPL_RSA=y
+CONFIG_SPL_CRYPTO_SUPPORT=y
+CONFIG_SPL_HASH_SUPPORT=y
diff --git a/include/config_fsl_chain_trust.h b/include/config_fsl_chain_trust.h
index eb45e98..40d323e 100644
--- a/include/config_fsl_chain_trust.h
+++ b/include/config_fsl_chain_trust.h
@@ -81,17 +81,18 @@
"setenv bs_size " __stringify(CONFIG_BS_SIZE)";"
/* For secure boot flow, default environment used will be used */
-#if defined(CONFIG_SYS_RAMBOOT)
-#if defined(CONFIG_RAMBOOT_NAND)
+#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_NAND_BOOT) || \
+ defined(CONFIG_SD_BOOT)
+#if defined(CONFIG_RAMBOOT_NAND) || defined(CONFIG_NAND_BOOT)
#define CONFIG_BS_COPY_CMD \
"nand read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
"nand read $bs_ram $bs_device $bs_size ;"
-#endif /* CONFIG_RAMBOOT_NAND */
#elif defined(CONFIG_SD_BOOT)
#define CONFIG_BS_COPY_CMD \
"mmc read $bs_hdr_ram $bs_hdr_device $bs_hdr_size ;" \
"mmc read $bs_ram $bs_device $bs_size ;"
-#else /* CONFIG_SD_BOOT */
+#endif
+#else
#define CONFIG_BS_COPY_CMD \
"cp.b $bs_hdr_device $bs_hdr_ram $bs_hdr_size ;" \
"cp.b $bs_device $bs_ram $bs_size ;"
diff --git a/include/configs/ls1043a_common.h b/include/configs/ls1043a_common.h
index 70099f6..97282b2 100644
--- a/include/configs/ls1043a_common.h
+++ b/include/configs/ls1043a_common.h
@@ -91,7 +91,23 @@
#define CONFIG_SPL_BSS_START_ADDR 0x80100000
#define CONFIG_SYS_SPL_MALLOC_SIZE 0x100000
#define CONFIG_SPL_BSS_MAX_SIZE 0x80000
-#define CONFIG_SYS_MONITOR_LEN 0xa0000
+
+#ifdef CONFIG_SECURE_BOOT
+#define CONFIG_U_BOOT_HDR_SIZE (16 << 10)
+#endif /* ifdef CONFIG_SECURE_BOOT */
+
+#ifdef CONFIG_U_BOOT_HDR_SIZE
+/*
+ * HDR would be appended@end of image and copied to DDR along
+ * with U-Boot image. Here u-boot max. size is 512K. So if binary
+ * size increases then increase this size in case of secure boot as
+ * it uses raw u-boot image instead of fit image.
+ */
+#define CONFIG_SYS_MONITOR_LEN (0x100000 + CONFIG_U_BOOT_HDR_SIZE)
+#else
+#define CONFIG_SYS_MONITOR_LEN 0x100000
+#endif /* ifdef CONFIG_U_BOOT_HDR_SIZE */
+
#endif
#if !(defined(CONFIG_SPL_BUILD) && defined(CONFIG_SD_BOOT))
diff --git a/include/configs/ls1043ardb.h b/include/configs/ls1043ardb.h
index 972ccb1..db782fe 100644
--- a/include/configs/ls1043ardb.h
+++ b/include/configs/ls1043ardb.h
@@ -136,7 +136,7 @@
#ifdef CONFIG_NAND_BOOT
#define CONFIG_SPL_PAD_TO 0x20000 /* block aligned */
#define CONFIG_SYS_NAND_U_BOOT_OFFS CONFIG_SPL_PAD_TO
-#define CONFIG_SYS_NAND_U_BOOT_SIZE (640 << 10)
+#define CONFIG_SYS_NAND_U_BOOT_SIZE (1024 << 10)
#endif
/*
--
1.9.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [U-Boot] [PATCH 3/3] arm: ls1046ardb: Add SD secure boot target
2017-02-20 20:37 [U-Boot] [PATCH 0/3] SECURE Boot targets for NAND and SD on LS1043, LS1046 Ruchika Gupta
2017-02-20 20:37 ` [U-Boot] [PATCH 1/3] arm: ls1043ardb: Add SD secure boot target Ruchika Gupta
2017-02-20 20:37 ` [U-Boot] [PATCH 2/3] arm: ls1043ardb: Add NAND " Ruchika Gupta
@ 2017-02-20 20:37 ` Ruchika Gupta
2 siblings, 0 replies; 4+ messages in thread
From: Ruchika Gupta @ 2017-02-20 20:37 UTC (permalink / raw)
To: u-boot
- Add SD secure boot target for ls1046ardb.
- Implement board specific spl_board_init() to setup CAAM stream ID and
corresponding stream ID in SMMU.
- Change the u-boot size defined by a macro for copying the main U-Boot by SPL
to also include the u-boot Secure Boot header size as header is appended to
u-boot image. So header will also be copied from SD to DDR.
- CONFIG_MAX_SPL_SIZE is limited to 90K.SPL is copied to OCRAM (128K) where 32K
are reserved for use by boot ROM and 6K for the header
Signed-off-by: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
---
The patchset is dependent on the following patches:
https://patchwork.ozlabs.org/patch/717614/
http://patchwork.ozlabs.org/patch/724332/
http://patchwork.ozlabs.org/patch/729932/
http://patchwork.ozlabs.org/patch/729980/
arch/arm/include/asm/fsl_secure_boot.h | 2 +-
board/freescale/ls1046ardb/ls1046ardb.c | 19 +++++++++++
configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig | 45 +++++++++++++++++++++++++
include/configs/ls1046a_common.h | 17 ++++++++--
include/configs/ls1046ardb.h | 1 -
5 files changed, 79 insertions(+), 5 deletions(-)
create mode 100644 configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index 2f719c0..f612088 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -92,7 +92,7 @@
/* For SD boot address and size are assigned in terms of sector
* offset and no. of sectors respectively.
*/
-#if defined(CONFIG_LS1043A)
+#if defined(CONFIG_LS1043A) || defined(CONFIG_LS1046A)
#define CONFIG_BS_HDR_ADDR_DEVICE 0x00000920
#else
#define CONFIG_BS_HDR_ADDR_DEVICE 0x00000900
diff --git a/board/freescale/ls1046ardb/ls1046ardb.c b/board/freescale/ls1046ardb/ls1046ardb.c
index bb03479..0087c73 100644
--- a/board/freescale/ls1046ardb/ls1046ardb.c
+++ b/board/freescale/ls1046ardb/ls1046ardb.c
@@ -38,6 +38,25 @@ int board_early_init_f(void)
return 0;
}
+#if defined(CONFIG_SPL_BUILD)
+void spl_board_init(void)
+{
+#ifdef CONFIG_SECURE_BOOT
+ /*
+ * In case of Secure Boot, the IBR configures the SMMU
+ * to allow only Secure transactions.
+ * SMMU must be reset in bypass mode.
+ * Set the ClientPD bit and Clear the USFCFG Bit
+ */
+ u32 val;
+ val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK);
+ out_le32(SMMU_SCR0, val);
+ val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK);
+ out_le32(SMMU_NSCR0, val);
+#endif
+}
+#endif
+
#ifndef CONFIG_SPL_BUILD
int checkboard(void)
{
diff --git a/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig b/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig
new file mode 100644
index 0000000..a41ec80
--- /dev/null
+++ b/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig
@@ -0,0 +1,45 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS1046ARDB=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1046a-rdb"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_SYS_EXTRA_OPTIONS="RAMBOOT_PBL,SPL_FSL_PBL"
+CONFIG_SECURE_BOOT=y
+CONFIG_SD_BOOT=y
+CONFIG_BOOTDELAY=10
+CONFIG_SPL=y
+CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
+CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x110
+CONFIG_HUSH_PARSER=y
+# CONFIG_CMD_IMLS is not set
+CONFIG_CMD_GPT=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_MII=y
+CONFIG_CMD_PING=y
+CONFIG_CMD_CACHE=y
+CONFIG_CMD_EXT2=y
+CONFIG_CMD_FAT=y
+# CONFIG_SPL_EFI_PARTITION is not set
+CONFIG_OF_CONTROL=y
+CONFIG_DM=y
+CONFIG_SPL_DM=y
+CONFIG_SPI_FLASH=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_PCIE_LAYERSCAPE=y
+CONFIG_SYS_NS16550=y
+CONFIG_DM_SPI=y
+CONFIG_FSL_QSPI=y
+CONFIG_USB=y
+CONFIG_DM_USB=y
+CONFIG_RSA=y
+CONFIG_SPL_RSA=y
+CONFIG_SPL_CRYPTO_SUPPORT=y
+CONFIG_SPL_HASH_SUPPORT=y
diff --git a/include/configs/ls1046a_common.h b/include/configs/ls1046a_common.h
index c884b95..241e679 100644
--- a/include/configs/ls1046a_common.h
+++ b/include/configs/ls1046a_common.h
@@ -13,7 +13,6 @@
#define CONFIG_GICV2
#include <asm/arch/config.h>
-
/* Link Definitions */
#define CONFIG_SYS_INIT_SP_ADDR (CONFIG_SYS_FSL_OCRAM_BASE + 0xfff0)
@@ -68,7 +67,19 @@
#define CONFIG_SYS_SPL_MALLOC_START (CONFIG_SPL_BSS_START_ADDR + \
CONFIG_SPL_BSS_MAX_SIZE)
#define CONFIG_SYS_SPL_MALLOC_SIZE 0x100000
-#define CONFIG_SYS_MONITOR_LEN 0xa0000
+
+#ifdef CONFIG_SECURE_BOOT
+#define CONFIG_U_BOOT_HDR_SIZE (16 << 10)
+/*
+ * HDR would be appended@end of image and copied to DDR along
+ * with U-Boot image. Here u-boot max. size is 512K. So if binary
+ * size increases then increase this size in case of secure boot as
+ * it uses raw u-boot image instead of fit image.
+ */
+#define CONFIG_SYS_MONITOR_LEN (0x100000 + CONFIG_U_BOOT_HDR_SIZE)
+#else
+#define CONFIG_SYS_MONITOR_LEN 0x100000
+#endif /* ifdef CONFIG_SECURE_BOOT */
#endif
/* NAND SPL */
@@ -88,7 +99,7 @@
#define CONFIG_SPL_NAND_SUPPORT
#define CONFIG_SPL_DRIVERS_MISC_SUPPORT
#define CONFIG_SPL_TEXT_BASE 0x10000000
-#define CONFIG_SPL_MAX_SIZE 0x1d000 /* 116 KiB */
+#define CONFIG_SPL_MAX_SIZE 0x17000 /* 90 KiB */
#define CONFIG_SPL_STACK 0x1001f000
#define CONFIG_SYS_NAND_U_BOOT_DST CONFIG_SYS_TEXT_BASE
#define CONFIG_SYS_NAND_U_BOOT_START CONFIG_SYS_TEXT_BASE
diff --git a/include/configs/ls1046ardb.h b/include/configs/ls1046ardb.h
index 7eaa69e..e4236cf 100644
--- a/include/configs/ls1046ardb.h
+++ b/include/configs/ls1046ardb.h
@@ -8,7 +8,6 @@
#define __LS1046ARDB_H__
#include "ls1046a_common.h"
-
#ifdef CONFIG_SD_BOOT
#define CONFIG_SYS_TEXT_BASE 0x82000000
#else
--
1.9.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-02-20 20:37 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-02-20 20:37 [U-Boot] [PATCH 0/3] SECURE Boot targets for NAND and SD on LS1043, LS1046 Ruchika Gupta
2017-02-20 20:37 ` [U-Boot] [PATCH 1/3] arm: ls1043ardb: Add SD secure boot target Ruchika Gupta
2017-02-20 20:37 ` [U-Boot] [PATCH 2/3] arm: ls1043ardb: Add NAND " Ruchika Gupta
2017-02-20 20:37 ` [U-Boot] [PATCH 3/3] arm: ls1046ardb: Add SD " Ruchika Gupta
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.