[U-Boot] [PATCH 0/7] Add LS1046 and LS1012 secure boot targets

[U-Boot] [PATCH 0/7] Add LS1046 and LS1012 secure boot targets

[Sumit Garg]

Purpose of patchset:
--------------------
1. This consolidated patchset supersedes earlier patchset for LS1046
   and LS1012 secure boot target addition patchsets as they have inter-
   dependency.
2. Rebased and incorporated review comments.
3. Enabling PPA in secure boot via Kconfig option similar to non-secure
   boot for LS1043, LS1012 and LS1046.

Following are patchwork links of earlier patchset:

LS1046 secure boot targets (v3 patchset):
-----------------------------------------
https://patchwork.ozlabs.org/patch/711699/
https://patchwork.ozlabs.org/patch/711698/
https://patchwork.ozlabs.org/patch/711701/

LS1012 secure boot target (v1 patchset):
-----------------------------------------
https://patchwork.ozlabs.org/patch/691306/
https://patchwork.ozlabs.org/patch/691305/

Also this patchset include patches to enable PPA in secure boot for
LS1043 via Kconfig option.

  SECURE BOOT: Add header address of PPA in kconfig
  LS1043ARDB: Enable PPA in Secure boot defconfig
  SECURE_BOOT: Enable chain of trust on LS1046A platform
  LS1046AQDS: Add NOR Secure Boot Target
  LS1046ARDB: Add QSPI Secure Boot target
  SECURE_BOOT: Enable chain of trust on LS1012A platform
  LS1012ARDB: Add QSPI Secure Boot target

 arch/arm/cpu/armv8/fsl-layerscape/Kconfig         | 13 ++++++
 arch/arm/cpu/armv8/fsl-layerscape/ppa.c           |  2 +-
 arch/arm/include/asm/arch-fsl-layerscape/config.h |  9 ++++-
 arch/arm/include/asm/fsl_secure_boot.h            | 33 +++++++++-------
 board/freescale/ls1012ardb/MAINTAINERS            |  4 ++
 board/freescale/ls1012ardb/ls1012ardb.c           |  5 +++
 board/freescale/ls1046aqds/MAINTAINERS            |  4 ++
 board/freescale/ls1046aqds/ls1046aqds.c           | 19 +++++++++
 board/freescale/ls1046ardb/Kconfig                |  2 +-
 board/freescale/ls1046ardb/MAINTAINERS            |  4 ++
 board/freescale/ls1046ardb/ls1046ardb.c           | 19 +++++++++
 configs/ls1012ardb_qspi_SECURE_BOOT_defconfig     | 48 +++++++++++++++++++++++
 configs/ls1043ardb_SECURE_BOOT_defconfig          |  1 +
 configs/ls1046aqds_SECURE_BOOT_defconfig          | 39 ++++++++++++++++++
 configs/ls1046ardb_qspi_SECURE_BOOT_defconfig     | 37 +++++++++++++++++
 include/configs/ls1012a_common.h                  |  2 -
 include/configs/ls1012ardb.h                      |  3 ++
 include/configs/ls1046ardb.h                      |  2 +
 18 files changed, 226 insertions(+), 20 deletions(-)
 create mode 100644 configs/ls1012ardb_qspi_SECURE_BOOT_defconfig
 create mode 100644 configs/ls1046aqds_SECURE_BOOT_defconfig
 create mode 100644 configs/ls1046ardb_qspi_SECURE_BOOT_defconfig

-- 
1.9.1

[U-Boot] [PATCH 1/7] SECURE BOOT: Add header address of PPA in kconfig

[Sumit Garg]

From: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>

The header address of PPA defined in Kconfig.

Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
---
 arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 11 +++++++++++
 arch/arm/cpu/armv8/fsl-layerscape/ppa.c   |  2 +-
 arch/arm/include/asm/fsl_secure_boot.h    | 12 ++----------
 3 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
index a99b1c6..10efb8c 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
+++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
@@ -154,6 +154,17 @@ config SYS_LS_PPA_FW_ADDR
 	  QSPI flash, this address is a directly memory-mapped.
 	  If it is in a serial accessed flash, such as NAND and SD
 	  card, it is a byte offset.
+
+config SYS_LS_PPA_ESBC_ADDR
+	hex "hdr address of PPA firmware loading from"
+	depends on FSL_LS_PPA && CHAIN_OF_TRUST
+	default 0x600c0000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1043A
+	help
+	  If the PPA header firmware locate at XIP flash, such as NOR or
+	  QSPI flash, this address is a directly memory-mapped.
+	  If it is in a serial accessed flash, such as NAND and SD
+	  card, it is a byte offset.
+
 endmenu
 
 config SYS_FSL_ERRATUM_A010315
diff --git a/arch/arm/cpu/armv8/fsl-layerscape/ppa.c b/arch/arm/cpu/armv8/fsl-layerscape/ppa.c
index b68e87d..cb16925 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/ppa.c
+++ b/arch/arm/cpu/armv8/fsl-layerscape/ppa.c
@@ -42,7 +42,7 @@ int ppa_init(void)
 	ppa_img_addr = (uintptr_t)ppa_fit_addr;
 	if (fsl_check_boot_mode_secure() != 0) {
 		ret = fsl_secboot_validate(ppa_esbc_hdr,
-					   CONFIG_PPA_KEY_HASH,
+					   PPA_KEY_HASH,
 					   &ppa_img_addr);
 		if (ret != 0)
 			printf("PPA validation failed\n");
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index fd627c0..a1a3004 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -109,21 +109,13 @@
 #endif
 
 #ifdef CONFIG_FSL_LS_PPA
-#ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP
-#ifdef CONFIG_LS1043A
-#define CONFIG_SYS_LS_PPA_ESBC_ADDR	0x600c0000
-#endif
-#else
-#error "No CONFIG_SYS_LS_PPA_FW_IN_xxx defined"
-#endif /* ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP */
-
 /* Define the key hash here if SRK used for signing PPA image is
  * different from SRK hash put in SFP used for U-Boot.
  * Example
  * #define CONFIG_PPA_KEY_HASH \
- *	"41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
+ *     "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
  */
-#define CONFIG_PPA_KEY_HASH		NULL
+#define PPA_KEY_HASH            NULL
 #endif /* ifdef CONFIG_FSL_LS_PPA */
 
 #include <config_fsl_chain_trust.h>
-- 
1.9.1

[U-Boot] [PATCH 2/7] LS1043ARDB: Enable PPA in Secure boot defconfig

[Sumit Garg]

From: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>

Enable PPA in secure boot by defining FSL_LS_PPA macro in its defconfig
file.

Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
---
 configs/ls1043ardb_SECURE_BOOT_defconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/configs/ls1043ardb_SECURE_BOOT_defconfig b/configs/ls1043ardb_SECURE_BOOT_defconfig
index 6f86877..861d49b 100644
--- a/configs/ls1043ardb_SECURE_BOOT_defconfig
+++ b/configs/ls1043ardb_SECURE_BOOT_defconfig
@@ -3,6 +3,7 @@ CONFIG_TARGET_LS1043ARDB=y
 CONFIG_SECURE_BOOT=y
 CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1043a-rdb"
 CONFIG_FIT=y
+CONFIG_FSL_LS_PPA=y
 CONFIG_FIT_VERBOSE=y
 CONFIG_OF_BOARD_SETUP=y
 CONFIG_BOOTDELAY=10
-- 
1.9.1

[U-Boot] [PATCH 3/7] SECURE_BOOT: Enable chain of trust on LS1046A platform

[Sumit Garg]

From: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>

Define bootscript and its header addresses for QSPI target. Also
define PPA header address to enable PPA validation.

Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
---
 arch/arm/cpu/armv8/fsl-layerscape/Kconfig         |  1 +
 arch/arm/include/asm/arch-fsl-layerscape/config.h |  2 +-
 arch/arm/include/asm/fsl_secure_boot.h            | 18 ++++++++++++++----
 3 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
index 10efb8c..fbb6642 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
+++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
@@ -159,6 +159,7 @@ config SYS_LS_PPA_ESBC_ADDR
 	hex "hdr address of PPA firmware loading from"
 	depends on FSL_LS_PPA && CHAIN_OF_TRUST
 	default 0x600c0000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1043A
+	default 0x40740000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1046A
 	help
 	  If the PPA header firmware locate at XIP flash, such as NOR or
 	  QSPI flash, this address is a directly memory-mapped.
diff --git a/arch/arm/include/asm/arch-fsl-layerscape/config.h b/arch/arm/include/asm/arch-fsl-layerscape/config.h
index b5b08aa..1f22afd 100644
--- a/arch/arm/include/asm/arch-fsl-layerscape/config.h
+++ b/arch/arm/include/asm/arch-fsl-layerscape/config.h
@@ -199,7 +199,7 @@
 
 #define CONFIG_SYS_FSL_IFC_BE
 #define CONFIG_SYS_FSL_SFP_VER_3_2
-#define CONFIG_SYS_FSL_SNVS_LE
+#define CONFIG_SYS_FSL_SEC_MON_BE
 #define CONFIG_SYS_FSL_SFP_BE
 #define CONFIG_SYS_FSL_SRK_LE
 #define CONFIG_KEY_REVOCATION
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index a1a3004..423c2c4 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -46,9 +46,10 @@
 
 #endif
 
-#if defined(CONFIG_LS1043A) || defined(CONFIG_LS2080A)
-/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit
- * Similiarly for LS2080
+#if defined(CONFIG_FSL_LAYERSCAPE)
+/*
+ * For fsl layerscape based platforms, ESBC image Address in Header
+ * is 64 bit.
  */
 #define CONFIG_ESBC_ADDR_64BIT
 #endif
@@ -90,12 +91,21 @@
 #define CONFIG_BS_ADDR_DEVICE		0x00000940
 #define CONFIG_BS_HDR_SIZE		0x00000010
 #define CONFIG_BS_SIZE			0x00000008
+#elif defined(CONFIG_QSPI_BOOT)
+#ifdef CONFIG_ARCH_LS1046A
+#define CONFIG_BS_HDR_ADDR_DEVICE	0x40780000
+#define CONFIG_BS_ADDR_DEVICE		0x40800000
 #else
+#error "Platform not supported"
+#endif
+#define CONFIG_BS_HDR_SIZE		0x00002000
+#define CONFIG_BS_SIZE			0x00001000
+#else /* Default NOR Boot */
 #define CONFIG_BS_HDR_ADDR_DEVICE	0x600a0000
 #define CONFIG_BS_ADDR_DEVICE		0x60060000
 #define CONFIG_BS_HDR_SIZE		0x00002000
 #define CONFIG_BS_SIZE			0x00001000
-#endif /* #ifdef CONFIG_SD_BOOT */
+#endif
 #define CONFIG_BS_HDR_ADDR_RAM		0x81000000
 #define CONFIG_BS_ADDR_RAM		0x81020000
 #endif
-- 
1.9.1

[U-Boot] [PATCH 4/7] LS1046AQDS: Add NOR Secure Boot Target

[Sumit Garg]

Add NOR secure boot target. Also enable sec init.

Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
---
 board/freescale/ls1046aqds/MAINTAINERS   |  4 ++++
 board/freescale/ls1046aqds/ls1046aqds.c  | 19 ++++++++++++++++
 configs/ls1046aqds_SECURE_BOOT_defconfig | 39 ++++++++++++++++++++++++++++++++
 3 files changed, 62 insertions(+)
 create mode 100644 configs/ls1046aqds_SECURE_BOOT_defconfig

diff --git a/board/freescale/ls1046aqds/MAINTAINERS b/board/freescale/ls1046aqds/MAINTAINERS
index b4549ae..6737d55 100644
--- a/board/freescale/ls1046aqds/MAINTAINERS
+++ b/board/freescale/ls1046aqds/MAINTAINERS
@@ -8,3 +8,7 @@ F:	configs/ls1046aqds_nand_defconfig
 F:	configs/ls1046aqds_sdcard_ifc_defconfig
 F:	configs/ls1046aqds_sdcard_qspi_defconfig
 F:	configs/ls1046aqds_qspi_defconfig
+
+M:	Sumit Garg <sumit.garg@nxp.com>
+S:	Maintained
+F:	configs/ls1046aqds_SECURE_BOOT_defconfig
diff --git a/board/freescale/ls1046aqds/ls1046aqds.c b/board/freescale/ls1046aqds/ls1046aqds.c
index af3f70a..8def6e6 100644
--- a/board/freescale/ls1046aqds/ls1046aqds.c
+++ b/board/freescale/ls1046aqds/ls1046aqds.c
@@ -21,6 +21,7 @@
 #include <fsl_csu.h>
 #include <fsl_esdhc.h>
 #include <fsl_ifc.h>
+#include <fsl_sec.h>
 #include <spl.h>
 
 #include "../common/vid.h"
@@ -265,6 +266,24 @@ int board_init(void)
 	if (adjust_vdd(0))
 		printf("Warning: Adjusting core voltage failed.\n");
 
+#ifdef CONFIG_SECURE_BOOT
+	/*
+	 * In case of Secure Boot, the IBR configures the SMMU
+	 * to allow only Secure transactions.
+	 * SMMU must be reset in bypass mode.
+	 * Set the ClientPD bit and Clear the USFCFG Bit
+	 */
+	u32 val;
+	val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK);
+	out_le32(SMMU_SCR0, val);
+	val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK);
+	out_le32(SMMU_NSCR0, val);
+#endif
+
+#ifdef CONFIG_FSL_CAAM
+	sec_init();
+#endif
+
 	return 0;
 }
 
diff --git a/configs/ls1046aqds_SECURE_BOOT_defconfig b/configs/ls1046aqds_SECURE_BOOT_defconfig
new file mode 100644
index 0000000..dc16fa0
--- /dev/null
+++ b/configs/ls1046aqds_SECURE_BOOT_defconfig
@@ -0,0 +1,39 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS1046AQDS=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1046a-qds-duart"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_SECURE_BOOT=y
+CONFIG_BOOTDELAY=10
+CONFIG_HUSH_PARSER=y
+CONFIG_CMD_BOOTZ=y
+CONFIG_CMD_GREPENV=y
+CONFIG_CMD_MEMTEST=y
+CONFIG_CMD_MEMINFO=y
+CONFIG_CMD_GPT=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_MII=y
+CONFIG_CMD_PING=y
+CONFIG_CMD_CACHE=y
+CONFIG_CMD_EXT2=y
+CONFIG_CMD_FAT=y
+CONFIG_OF_CONTROL=y
+CONFIG_DM=y
+CONFIG_MTD_NOR_FLASH=y
+CONFIG_SPI_FLASH=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_PCIE_LAYERSCAPE=y
+CONFIG_SYS_NS16550=y
+CONFIG_DM_SPI=y
+CONFIG_FSL_DSPI=y
+CONFIG_USB=y
+CONFIG_DM_USB=y
+CONFIG_RSA=y
-- 
1.9.1

[U-Boot] [PATCH 5/7] LS1046ARDB: Add QSPI Secure Boot target

[Sumit Garg]

From: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>

Add QSPI Secure Boot target. Also enable sec init.

Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
---
 board/freescale/ls1046ardb/Kconfig            |  2 +-
 board/freescale/ls1046ardb/MAINTAINERS        |  4 +++
 board/freescale/ls1046ardb/ls1046ardb.c       | 19 ++++++++++++++
 configs/ls1046ardb_qspi_SECURE_BOOT_defconfig | 37 +++++++++++++++++++++++++++
 include/configs/ls1046ardb.h                  |  2 ++
 5 files changed, 63 insertions(+), 1 deletion(-)
 create mode 100644 configs/ls1046ardb_qspi_SECURE_BOOT_defconfig

diff --git a/board/freescale/ls1046ardb/Kconfig b/board/freescale/ls1046ardb/Kconfig
index a62255c..b9f2ed7 100644
--- a/board/freescale/ls1046ardb/Kconfig
+++ b/board/freescale/ls1046ardb/Kconfig
@@ -12,5 +12,5 @@ config SYS_SOC
 
 config SYS_CONFIG_NAME
 	default "ls1046ardb"
-
+source "board/freescale/common/Kconfig"
 endif
diff --git a/board/freescale/ls1046ardb/MAINTAINERS b/board/freescale/ls1046ardb/MAINTAINERS
index ff42bef..758ff9d 100644
--- a/board/freescale/ls1046ardb/MAINTAINERS
+++ b/board/freescale/ls1046ardb/MAINTAINERS
@@ -7,3 +7,7 @@ F:	include/configs/ls1046ardb.h
 F:	configs/ls1046ardb_qspi_defconfig
 F:	configs/ls1046ardb_sdcard_defconfig
 F:	configs/ls1046ardb_emmc_defconfig
+
+M:	Sumit Garg <sumit.garg@nxp.com>
+S:	Maintained
+F:	configs/ls1046ardb_qspi_SECURE_BOOT_defconfig
diff --git a/board/freescale/ls1046ardb/ls1046ardb.c b/board/freescale/ls1046ardb/ls1046ardb.c
index 02b6c4c..df69dcf 100644
--- a/board/freescale/ls1046ardb/ls1046ardb.c
+++ b/board/freescale/ls1046ardb/ls1046ardb.c
@@ -21,6 +21,7 @@
 #include <fsl_esdhc.h>
 #include <power/mc34vr500_pmic.h>
 #include "cpld.h"
+#include <fsl_sec.h>
 
 DECLARE_GLOBAL_DATA_PTR;
 
@@ -71,6 +72,24 @@ int board_init(void)
 	enable_layerscape_ns_access();
 #endif
 
+#ifdef CONFIG_SECURE_BOOT
+	/*
+	 * In case of Secure Boot, the IBR configures the SMMU
+	 * to allow only Secure transactions.
+	 * SMMU must be reset in bypass mode.
+	 * Set the ClientPD bit and Clear the USFCFG Bit
+	 */
+	u32 val;
+	val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK);
+	out_le32(SMMU_SCR0, val);
+	val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK);
+	out_le32(SMMU_NSCR0, val);
+#endif
+
+#ifdef CONFIG_FSL_CAAM
+	sec_init();
+#endif
+
 #ifdef CONFIG_FSL_LS_PPA
 	ppa_init();
 #endif
diff --git a/configs/ls1046ardb_qspi_SECURE_BOOT_defconfig b/configs/ls1046ardb_qspi_SECURE_BOOT_defconfig
new file mode 100644
index 0000000..af14e19
--- /dev/null
+++ b/configs/ls1046ardb_qspi_SECURE_BOOT_defconfig
@@ -0,0 +1,37 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS1046ARDB=y
+CONFIG_FSL_LS_PPA=y
+CONFIG_QSPI_AHB_INIT=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1046a-rdb"
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_QSPI_BOOT=y
+CONFIG_SECURE_BOOT=y
+CONFIG_BOOTDELAY=10
+CONFIG_HUSH_PARSER=y
+# CONFIG_CMD_IMLS is not set
+CONFIG_CMD_GPT=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_MII=y
+CONFIG_CMD_PING=y
+CONFIG_CMD_CACHE=y
+CONFIG_CMD_EXT2=y
+CONFIG_CMD_FAT=y
+CONFIG_OF_CONTROL=y
+CONFIG_DM=y
+CONFIG_SPI_FLASH=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_PCIE_LAYERSCAPE=y
+CONFIG_SYS_NS16550=y
+CONFIG_DM_SPI=y
+CONFIG_FSL_QSPI=y
+CONFIG_USB=y
+CONFIG_DM_USB=y
+CONFIG_RSA=y
diff --git a/include/configs/ls1046ardb.h b/include/configs/ls1046ardb.h
index 2141b82..196db81 100644
--- a/include/configs/ls1046ardb.h
+++ b/include/configs/ls1046ardb.h
@@ -239,4 +239,6 @@
 			"7e800000.flash:16m(nand_uboot)," \
 			"48m(nand_kernel),448m(nand_free)"
 
+#include <asm/fsl_secure_boot.h>
+
 #endif /* __LS1046ARDB_H__ */
-- 
1.9.1

[U-Boot] [PATCH 6/7] SECURE_BOOT: Enable chain of trust on LS1012A platform

[Sumit Garg]

From: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>

Define bootscript and its header addresses for QSPI target
Also add PPA header address in Kconfig

Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
---
 arch/arm/cpu/armv8/fsl-layerscape/Kconfig         | 1 +
 arch/arm/include/asm/arch-fsl-layerscape/config.h | 7 ++++++-
 arch/arm/include/asm/fsl_secure_boot.h            | 3 +++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
index fbb6642..03bc9ea 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
+++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
@@ -160,6 +160,7 @@ config SYS_LS_PPA_ESBC_ADDR
 	depends on FSL_LS_PPA && CHAIN_OF_TRUST
 	default 0x600c0000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1043A
 	default 0x40740000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1046A
+	default 0x40480000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A
 	help
 	  If the PPA header firmware locate at XIP flash, such as NOR or
 	  QSPI flash, this address is a directly memory-mapped.
diff --git a/arch/arm/include/asm/arch-fsl-layerscape/config.h b/arch/arm/include/asm/arch-fsl-layerscape/config.h
index 1f22afd..4db11b6 100644
--- a/arch/arm/include/asm/arch-fsl-layerscape/config.h
+++ b/arch/arm/include/asm/arch-fsl-layerscape/config.h
@@ -185,7 +185,12 @@
 #elif defined(CONFIG_ARCH_LS1012A)
 #define GICD_BASE		0x01401000
 #define GICC_BASE		0x01402000
-
+#define CONFIG_SYS_FSL_SFP_VER_3_2
+#define CONFIG_SYS_FSL_SEC_MON_BE
+#define CONFIG_SYS_FSL_SFP_BE
+#define CONFIG_SYS_FSL_SRK_LE
+#define CONFIG_KEY_REVOCATION
+#define CONFIG_SYS_FSL_MAX_NUM_OF_SEC           1
 #define CONFIG_SYS_DDR_BLOCK1_SIZE	((phys_size_t)2 << 30)
 #define CONFIG_MAX_MEM_MAPPED		CONFIG_SYS_DDR_BLOCK1_SIZE
 
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index 423c2c4..69cd35d 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -95,6 +95,9 @@
 #ifdef CONFIG_ARCH_LS1046A
 #define CONFIG_BS_HDR_ADDR_DEVICE	0x40780000
 #define CONFIG_BS_ADDR_DEVICE		0x40800000
+#elif defined(CONFIG_ARCH_LS1012A)
+#define CONFIG_BS_HDR_ADDR_DEVICE      0x400c0000
+#define CONFIG_BS_ADDR_DEVICE          0x40060000
 #else
 #error "Platform not supported"
 #endif
-- 
1.9.1

[U-Boot] [PATCH 7/7] LS1012ARDB: Add QSPI Secure Boot target

[Sumit Garg]

From: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>

Add QSPI Secure Boot target to enable chain of trust

Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
Reviewed-by: Ruchika Gupta <ruchika.gupta@nxp.com>
---
 board/freescale/ls1012ardb/MAINTAINERS        |  4 +++
 board/freescale/ls1012ardb/ls1012ardb.c       |  5 +++
 configs/ls1012ardb_qspi_SECURE_BOOT_defconfig | 48 +++++++++++++++++++++++++++
 include/configs/ls1012a_common.h              |  2 --
 include/configs/ls1012ardb.h                  |  3 ++
 5 files changed, 60 insertions(+), 2 deletions(-)
 create mode 100644 configs/ls1012ardb_qspi_SECURE_BOOT_defconfig

diff --git a/board/freescale/ls1012ardb/MAINTAINERS b/board/freescale/ls1012ardb/MAINTAINERS
index 79a2a7d..2cb38e7 100644
--- a/board/freescale/ls1012ardb/MAINTAINERS
+++ b/board/freescale/ls1012ardb/MAINTAINERS
@@ -4,3 +4,7 @@ S:	Maintained
 F:	board/freescale/ls1012ardb/
 F:	include/configs/ls1012ardb.h
 F:	configs/ls1012ardb_qspi_defconfig
+
+M:	Sumit Garg <sumit.garg@nxp.com>
+S:	Maintained
+F:	configs/ls1012ardb_qspi_SECURE_BOOT_defconfig
diff --git a/board/freescale/ls1012ardb/ls1012ardb.c b/board/freescale/ls1012ardb/ls1012ardb.c
index a23a23b..a21e4c4 100644
--- a/board/freescale/ls1012ardb/ls1012ardb.c
+++ b/board/freescale/ls1012ardb/ls1012ardb.c
@@ -22,6 +22,7 @@
 #include <environment.h>
 #include <fsl_mmdc.h>
 #include <netdev.h>
+#include <fsl_sec.h>
 
 DECLARE_GLOBAL_DATA_PTR;
 
@@ -118,6 +119,10 @@ int board_init(void)
 	gd->env_addr = (ulong)&default_environment[0];
 #endif
 
+#ifdef CONFIG_FSL_CAAM
+	sec_init();
+#endif
+
 #ifdef CONFIG_FSL_LS_PPA
 	ppa_init();
 #endif
diff --git a/configs/ls1012ardb_qspi_SECURE_BOOT_defconfig b/configs/ls1012ardb_qspi_SECURE_BOOT_defconfig
new file mode 100644
index 0000000..97f49d5
--- /dev/null
+++ b/configs/ls1012ardb_qspi_SECURE_BOOT_defconfig
@@ -0,0 +1,48 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS1012ARDB=y
+CONFIG_SYS_EXTRA_OPTIONS="QSPI_BOOT"
+# CONFIG_CMD_IMLS is not set
+CONFIG_SYS_NS16550=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1012a-rdb"
+CONFIG_FSL_LS_PPA=y
+CONFIG_OF_CONTROL=y
+CONFIG_DM=y
+CONFIG_SPI_FLASH=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_SECURE_BOOT=y
+CONFIG_QSPI_BOOT=y
+CONFIG_BOOTDELAY=10
+CONFIG_HUSH_PARSER=y
+CONFIG_CMD_GREPENV=y
+CONFIG_CMD_GPT=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_USB=y
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_MII=y
+CONFIG_CMD_PING=y
+CONFIG_CMD_CACHE=y
+CONFIG_CMD_EXT2=y
+CONFIG_CMD_FAT=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_PCIE_LAYERSCAPE=y
+CONFIG_DM_SPI=y
+CONFIG_FSL_DSPI=y
+CONFIG_USB=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_XHCI_DWC3=y
+CONFIG_USB_STORAGE=y
+CONFIG_RSA=y
+CONFIG_RSA_SOFTWARE_EXP=y
diff --git a/include/configs/ls1012a_common.h b/include/configs/ls1012a_common.h
index af07672..c36736f 100644
--- a/include/configs/ls1012a_common.h
+++ b/include/configs/ls1012a_common.h
@@ -122,6 +122,4 @@
 #define CONFIG_PANIC_HANG
 #define CONFIG_SYS_BOOTM_LEN   (64 << 20)      /* Increase max gunzip size */
 
-#include <asm/fsl_secure_boot.h>
-
 #endif /* __LS1012A_COMMON_H */
diff --git a/include/configs/ls1012ardb.h b/include/configs/ls1012ardb.h
index 70d3a71..276fe10 100644
--- a/include/configs/ls1012ardb.h
+++ b/include/configs/ls1012ardb.h
@@ -74,4 +74,7 @@
 #define CONFIG_SYS_MEMTEST_START	0x80000000
 #define CONFIG_SYS_MEMTEST_END		0x9fffffff
 
+
+#include <asm/fsl_secure_boot.h>
+
 #endif /* __LS1012ARDB_H__ */
-- 
1.9.1

[U-Boot] [u-boot-release] [PATCH 3/7] SECURE_BOOT: Enable chain of trust on LS1046A platform

[york sun]

On 03/23/2017 01:19 AM, Sumit Garg wrote:
> From: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>
>
> Define bootscript and its header addresses for QSPI target. Also
> define PPA header address to enable PPA validation.
>
> Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
> Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
> ---
>  arch/arm/cpu/armv8/fsl-layerscape/Kconfig         |  1 +
>  arch/arm/include/asm/arch-fsl-layerscape/config.h |  2 +-
>  arch/arm/include/asm/fsl_secure_boot.h            | 18 ++++++++++++++----
>  3 files changed, 16 insertions(+), 5 deletions(-)
>
> diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> index 10efb8c..fbb6642 100644
> --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> @@ -159,6 +159,7 @@ config SYS_LS_PPA_ESBC_ADDR
>  	hex "hdr address of PPA firmware loading from"
>  	depends on FSL_LS_PPA && CHAIN_OF_TRUST
>  	default 0x600c0000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1043A
> +	default 0x40740000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1046A

Why isn't the offset consistent?

>  	help
>  	  If the PPA header firmware locate at XIP flash, such as NOR or
>  	  QSPI flash, this address is a directly memory-mapped.
> diff --git a/arch/arm/include/asm/arch-fsl-layerscape/config.h b/arch/arm/include/asm/arch-fsl-layerscape/config.h
> index b5b08aa..1f22afd 100644
> --- a/arch/arm/include/asm/arch-fsl-layerscape/config.h
> +++ b/arch/arm/include/asm/arch-fsl-layerscape/config.h
> @@ -199,7 +199,7 @@
>
>  #define CONFIG_SYS_FSL_IFC_BE
>  #define CONFIG_SYS_FSL_SFP_VER_3_2
> -#define CONFIG_SYS_FSL_SNVS_LE
> +#define CONFIG_SYS_FSL_SEC_MON_BE
>  #define CONFIG_SYS_FSL_SFP_BE
>  #define CONFIG_SYS_FSL_SRK_LE
>  #define CONFIG_KEY_REVOCATION
> diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
> index a1a3004..423c2c4 100644
> --- a/arch/arm/include/asm/fsl_secure_boot.h
> +++ b/arch/arm/include/asm/fsl_secure_boot.h
> @@ -46,9 +46,10 @@
>
>  #endif
>
> -#if defined(CONFIG_LS1043A) || defined(CONFIG_LS2080A)
> -/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit
> - * Similiarly for LS2080
> +#if defined(CONFIG_FSL_LAYERSCAPE)
> +/*
> + * For fsl layerscape based platforms, ESBC image Address in Header
> + * is 64 bit.
>   */
>  #define CONFIG_ESBC_ADDR_64BIT
>  #endif
> @@ -90,12 +91,21 @@
>  #define CONFIG_BS_ADDR_DEVICE		0x00000940
>  #define CONFIG_BS_HDR_SIZE		0x00000010
>  #define CONFIG_BS_SIZE			0x00000008
> +#elif defined(CONFIG_QSPI_BOOT)
> +#ifdef CONFIG_ARCH_LS1046A
> +#define CONFIG_BS_HDR_ADDR_DEVICE	0x40780000
> +#define CONFIG_BS_ADDR_DEVICE		0x40800000
>  #else
> +#error "Platform not supported"
> +#endif
> +#define CONFIG_BS_HDR_SIZE		0x00002000
> +#define CONFIG_BS_SIZE			0x00001000
> +#else /* Default NOR Boot */
>  #define CONFIG_BS_HDR_ADDR_DEVICE	0x600a0000
>  #define CONFIG_BS_ADDR_DEVICE		0x60060000
>  #define CONFIG_BS_HDR_SIZE		0x00002000
>  #define CONFIG_BS_SIZE			0x00001000
> -#endif /* #ifdef CONFIG_SD_BOOT */
> +#endif
>  #define CONFIG_BS_HDR_ADDR_RAM		0x81000000
>  #define CONFIG_BS_ADDR_RAM		0x81020000
>  #endif
>

Please consider to move these to Kconfig in the future.

York

[U-Boot] [PATCH 6/7] SECURE_BOOT: Enable chain of trust on LS1012A platform

[york sun]

On 03/23/2017 01:19 AM, Sumit Garg wrote:
> From: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>
>
> Define bootscript and its header addresses for QSPI target
> Also add PPA header address in Kconfig
>
> Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
> Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
> ---
>  arch/arm/cpu/armv8/fsl-layerscape/Kconfig         | 1 +
>  arch/arm/include/asm/arch-fsl-layerscape/config.h | 7 ++++++-
>  arch/arm/include/asm/fsl_secure_boot.h            | 3 +++
>  3 files changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> index fbb6642..03bc9ea 100644
> --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> @@ -160,6 +160,7 @@ config SYS_LS_PPA_ESBC_ADDR
>  	depends on FSL_LS_PPA && CHAIN_OF_TRUST
>  	default 0x600c0000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1043A
>  	default 0x40740000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1046A
> +	default 0x40480000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A

This one has another different offset. Why?

York

[U-Boot] [u-boot-release] [PATCH 3/7] SECURE_BOOT: Enable chain of trust on LS1046A platform

[Sumit Garg]

> -----Original Message-----
> From: york sun
> Sent: Wednesday, March 29, 2017 10:16 PM
> To: Sumit Garg <sumit.garg@nxp.com>; u-boot at lists.denx.de
> Cc: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>; Ruchika Gupta
> <ruchika.gupta@nxp.com>; Vini Pillai <vinitha.pillai@nxp.com>
> Subject: Re: [u-boot-release] [PATCH 3/7] SECURE_BOOT: Enable chain of trust
> on LS1046A platform
> 
> On 03/23/2017 01:19 AM, Sumit Garg wrote:
> > From: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>
> >
> > Define bootscript and its header addresses for QSPI target. Also
> > define PPA header address to enable PPA validation.
> >
> > Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
> > Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
> > ---
> >  arch/arm/cpu/armv8/fsl-layerscape/Kconfig         |  1 +
> >  arch/arm/include/asm/arch-fsl-layerscape/config.h |  2 +-
> >  arch/arm/include/asm/fsl_secure_boot.h            | 18 ++++++++++++++----
> >  3 files changed, 16 insertions(+), 5 deletions(-)
> >
> > diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> > b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> > index 10efb8c..fbb6642 100644
> > --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> > +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> > @@ -159,6 +159,7 @@ config SYS_LS_PPA_ESBC_ADDR
> >  	hex "hdr address of PPA firmware loading from"
> >  	depends on FSL_LS_PPA && CHAIN_OF_TRUST
> >  	default 0x600c0000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1043A
> > +	default 0x40740000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1046A
> 
> Why isn't the offset consistent?
> 
> >  	help
> >  	  If the PPA header firmware locate at XIP flash, such as NOR or
> >  	  QSPI flash, this address is a directly memory-mapped.
> > diff --git a/arch/arm/include/asm/arch-fsl-layerscape/config.h
> > b/arch/arm/include/asm/arch-fsl-layerscape/config.h
> > index b5b08aa..1f22afd 100644
> > --- a/arch/arm/include/asm/arch-fsl-layerscape/config.h
> > +++ b/arch/arm/include/asm/arch-fsl-layerscape/config.h
> > @@ -199,7 +199,7 @@
> >
> >  #define CONFIG_SYS_FSL_IFC_BE
> >  #define CONFIG_SYS_FSL_SFP_VER_3_2
> > -#define CONFIG_SYS_FSL_SNVS_LE
> > +#define CONFIG_SYS_FSL_SEC_MON_BE
> >  #define CONFIG_SYS_FSL_SFP_BE
> >  #define CONFIG_SYS_FSL_SRK_LE
> >  #define CONFIG_KEY_REVOCATION
> > diff --git a/arch/arm/include/asm/fsl_secure_boot.h
> > b/arch/arm/include/asm/fsl_secure_boot.h
> > index a1a3004..423c2c4 100644
> > --- a/arch/arm/include/asm/fsl_secure_boot.h
> > +++ b/arch/arm/include/asm/fsl_secure_boot.h
> > @@ -46,9 +46,10 @@
> >
> >  #endif
> >
> > -#if defined(CONFIG_LS1043A) || defined(CONFIG_LS2080A)
> > -/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit
> > - * Similiarly for LS2080
> > +#if defined(CONFIG_FSL_LAYERSCAPE)
> > +/*
> > + * For fsl layerscape based platforms, ESBC image Address in Header
> > + * is 64 bit.
> >   */
> >  #define CONFIG_ESBC_ADDR_64BIT
> >  #endif
> > @@ -90,12 +91,21 @@
> >  #define CONFIG_BS_ADDR_DEVICE		0x00000940
> >  #define CONFIG_BS_HDR_SIZE		0x00000010
> >  #define CONFIG_BS_SIZE			0x00000008
> > +#elif defined(CONFIG_QSPI_BOOT)
> > +#ifdef CONFIG_ARCH_LS1046A
> > +#define CONFIG_BS_HDR_ADDR_DEVICE	0x40780000
> > +#define CONFIG_BS_ADDR_DEVICE		0x40800000
> >  #else
> > +#error "Platform not supported"
> > +#endif
> > +#define CONFIG_BS_HDR_SIZE		0x00002000
> > +#define CONFIG_BS_SIZE			0x00001000
> > +#else /* Default NOR Boot */
> >  #define CONFIG_BS_HDR_ADDR_DEVICE	0x600a0000
> >  #define CONFIG_BS_ADDR_DEVICE		0x60060000
> >  #define CONFIG_BS_HDR_SIZE		0x00002000
> >  #define CONFIG_BS_SIZE			0x00001000
> > -#endif /* #ifdef CONFIG_SD_BOOT */
> > +#endif
> >  #define CONFIG_BS_HDR_ADDR_RAM		0x81000000
> >  #define CONFIG_BS_ADDR_RAM		0x81020000
> >  #endif
> >
> 
> Please consider to move these to Kconfig in the future.
> 
> York

Sure we will move these macros to Kconfig.

Sumit

[U-Boot] [PATCH 6/7] SECURE_BOOT: Enable chain of trust on LS1012A platform

[Sumit Garg]

> -----Original Message-----
> From: york sun
> Sent: Wednesday, March 29, 2017 10:20 PM
> To: Sumit Garg <sumit.garg@nxp.com>; u-boot at lists.denx.de
> Cc: Ruchika Gupta <ruchika.gupta@nxp.com>; Prabhakar Kushwaha
> <prabhakar.kushwaha@nxp.com>; Vini Pillai <vinitha.pillai@nxp.com>
> Subject: Re: [PATCH 6/7] SECURE_BOOT: Enable chain of trust on LS1012A
> platform
> 
> On 03/23/2017 01:19 AM, Sumit Garg wrote:
> > From: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>
> >
> > Define bootscript and its header addresses for QSPI target Also add
> > PPA header address in Kconfig
> >
> > Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
> > Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
> > ---
> >  arch/arm/cpu/armv8/fsl-layerscape/Kconfig         | 1 +
> >  arch/arm/include/asm/arch-fsl-layerscape/config.h | 7 ++++++-
> >  arch/arm/include/asm/fsl_secure_boot.h            | 3 +++
> >  3 files changed, 10 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> > b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> > index fbb6642..03bc9ea 100644
> > --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> > +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> > @@ -160,6 +160,7 @@ config SYS_LS_PPA_ESBC_ADDR
> >  	depends on FSL_LS_PPA && CHAIN_OF_TRUST
> >  	default 0x600c0000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1043A
> >  	default 0x40740000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1046A
> > +	default 0x40480000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A
> 
> This one has another different offset. Why?
> 
> York
 
This is due to difference in memory map for LS1012A and LS1046A in SDK.

Sumit

[U-Boot] [PATCH 6/7] SECURE_BOOT: Enable chain of trust on LS1012A platform

[york sun]

On 03/29/2017 10:01 AM, Sumit Garg wrote:
>> -----Original Message-----
>> From: york sun
>> Sent: Wednesday, March 29, 2017 10:20 PM
>> To: Sumit Garg <sumit.garg@nxp.com>; u-boot at lists.denx.de
>> Cc: Ruchika Gupta <ruchika.gupta@nxp.com>; Prabhakar Kushwaha
>> <prabhakar.kushwaha@nxp.com>; Vini Pillai <vinitha.pillai@nxp.com>
>> Subject: Re: [PATCH 6/7] SECURE_BOOT: Enable chain of trust on LS1012A
>> platform
>>
>> On 03/23/2017 01:19 AM, Sumit Garg wrote:
>>> From: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>
>>>
>>> Define bootscript and its header addresses for QSPI target Also add
>>> PPA header address in Kconfig
>>>
>>> Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
>>> Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
>>> ---
>>>  arch/arm/cpu/armv8/fsl-layerscape/Kconfig         | 1 +
>>>  arch/arm/include/asm/arch-fsl-layerscape/config.h | 7 ++++++-
>>>  arch/arm/include/asm/fsl_secure_boot.h            | 3 +++
>>>  3 files changed, 10 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
>>> b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
>>> index fbb6642..03bc9ea 100644
>>> --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
>>> +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
>>> @@ -160,6 +160,7 @@ config SYS_LS_PPA_ESBC_ADDR
>>>  	depends on FSL_LS_PPA && CHAIN_OF_TRUST
>>>  	default 0x600c0000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1043A
>>>  	default 0x40740000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1046A
>>> +	default 0x40480000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A
>>
>> This one has another different offset. Why?
>>
>> York
>
> This is due to difference in memory map for LS1012A and LS1046A in SDK.

I can take it for now. Please consider to consolidate the memory map 
down the road.

York

[U-Boot] [PATCH 6/7] SECURE_BOOT: Enable chain of trust on LS1012A platform

[Sumit Garg]

> -----Original Message-----
> From: york sun
> Sent: Wednesday, March 29, 2017 10:33 PM
> To: Sumit Garg <sumit.garg@nxp.com>; u-boot at lists.denx.de
> Cc: Ruchika Gupta <ruchika.gupta@nxp.com>; Prabhakar Kushwaha
> <prabhakar.kushwaha@nxp.com>; Vini Pillai <vinitha.pillai@nxp.com>
> Subject: Re: [PATCH 6/7] SECURE_BOOT: Enable chain of trust on LS1012A
> platform
> 
> On 03/29/2017 10:01 AM, Sumit Garg wrote:
> >> -----Original Message-----
> >> From: york sun
> >> Sent: Wednesday, March 29, 2017 10:20 PM
> >> To: Sumit Garg <sumit.garg@nxp.com>; u-boot at lists.denx.de
> >> Cc: Ruchika Gupta <ruchika.gupta@nxp.com>; Prabhakar Kushwaha
> >> <prabhakar.kushwaha@nxp.com>; Vini Pillai <vinitha.pillai@nxp.com>
> >> Subject: Re: [PATCH 6/7] SECURE_BOOT: Enable chain of trust on
> >> LS1012A platform
> >>
> >> On 03/23/2017 01:19 AM, Sumit Garg wrote:
> >>> From: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>
> >>>
> >>> Define bootscript and its header addresses for QSPI target Also add
> >>> PPA header address in Kconfig
> >>>
> >>> Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
> >>> Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
> >>> ---
> >>>  arch/arm/cpu/armv8/fsl-layerscape/Kconfig         | 1 +
> >>>  arch/arm/include/asm/arch-fsl-layerscape/config.h | 7 ++++++-
> >>>  arch/arm/include/asm/fsl_secure_boot.h            | 3 +++
> >>>  3 files changed, 10 insertions(+), 1 deletion(-)
> >>>
> >>> diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> >>> b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> >>> index fbb6642..03bc9ea 100644
> >>> --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> >>> +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> >>> @@ -160,6 +160,7 @@ config SYS_LS_PPA_ESBC_ADDR
> >>>  	depends on FSL_LS_PPA && CHAIN_OF_TRUST
> >>>  	default 0x600c0000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1043A
> >>>  	default 0x40740000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1046A
> >>> +	default 0x40480000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A
> >>
> >> This one has another different offset. Why?
> >>
> >> York
> >
> > This is due to difference in memory map for LS1012A and LS1046A in SDK.
> 
> I can take it for now. Please consider to consolidate the memory map down the
> road.
> 
> York

Going forward in DASH or LSDK, memory maps will be consolidated. Then we will remove this difference.

Sumit

[U-Boot] [PATCH 0/7] Add LS1046 and LS1012 secure boot targets

[York Sun]

On 03/23/2017 01:18 AM, Sumit Garg wrote:
> Purpose of patchset:
> --------------------
> 1. This consolidated patchset supersedes earlier patchset for LS1046
>    and LS1012 secure boot target addition patchsets as they have inter-
>    dependency.
> 2. Rebased and incorporated review comments.
> 3. Enabling PPA in secure boot via Kconfig option similar to non-secure
>    boot for LS1043, LS1012 and LS1046.
>


Applied to u-boot-fsl-qoriq master, awaiting upstream. Thanks.

York