* [U-Boot] [PATCH 1/7] SECURE BOOT: Add header address of PPA in kconfig
2017-03-23 8:18 [U-Boot] [PATCH 0/7] Add LS1046 and LS1012 secure boot targets Sumit Garg
@ 2017-03-23 8:18 ` Sumit Garg
2017-03-23 8:18 ` [U-Boot] [PATCH 2/7] LS1043ARDB: Enable PPA in Secure boot defconfig Sumit Garg
` (6 subsequent siblings)
7 siblings, 0 replies; 15+ messages in thread
From: Sumit Garg @ 2017-03-23 8:18 UTC (permalink / raw)
To: u-boot
From: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>
The header address of PPA defined in Kconfig.
Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
---
arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 11 +++++++++++
arch/arm/cpu/armv8/fsl-layerscape/ppa.c | 2 +-
arch/arm/include/asm/fsl_secure_boot.h | 12 ++----------
3 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
index a99b1c6..10efb8c 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
+++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
@@ -154,6 +154,17 @@ config SYS_LS_PPA_FW_ADDR
QSPI flash, this address is a directly memory-mapped.
If it is in a serial accessed flash, such as NAND and SD
card, it is a byte offset.
+
+config SYS_LS_PPA_ESBC_ADDR
+ hex "hdr address of PPA firmware loading from"
+ depends on FSL_LS_PPA && CHAIN_OF_TRUST
+ default 0x600c0000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1043A
+ help
+ If the PPA header firmware locate at XIP flash, such as NOR or
+ QSPI flash, this address is a directly memory-mapped.
+ If it is in a serial accessed flash, such as NAND and SD
+ card, it is a byte offset.
+
endmenu
config SYS_FSL_ERRATUM_A010315
diff --git a/arch/arm/cpu/armv8/fsl-layerscape/ppa.c b/arch/arm/cpu/armv8/fsl-layerscape/ppa.c
index b68e87d..cb16925 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/ppa.c
+++ b/arch/arm/cpu/armv8/fsl-layerscape/ppa.c
@@ -42,7 +42,7 @@ int ppa_init(void)
ppa_img_addr = (uintptr_t)ppa_fit_addr;
if (fsl_check_boot_mode_secure() != 0) {
ret = fsl_secboot_validate(ppa_esbc_hdr,
- CONFIG_PPA_KEY_HASH,
+ PPA_KEY_HASH,
&ppa_img_addr);
if (ret != 0)
printf("PPA validation failed\n");
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index fd627c0..a1a3004 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -109,21 +109,13 @@
#endif
#ifdef CONFIG_FSL_LS_PPA
-#ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP
-#ifdef CONFIG_LS1043A
-#define CONFIG_SYS_LS_PPA_ESBC_ADDR 0x600c0000
-#endif
-#else
-#error "No CONFIG_SYS_LS_PPA_FW_IN_xxx defined"
-#endif /* ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP */
-
/* Define the key hash here if SRK used for signing PPA image is
* different from SRK hash put in SFP used for U-Boot.
* Example
* #define CONFIG_PPA_KEY_HASH \
- * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
+ * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
*/
-#define CONFIG_PPA_KEY_HASH NULL
+#define PPA_KEY_HASH NULL
#endif /* ifdef CONFIG_FSL_LS_PPA */
#include <config_fsl_chain_trust.h>
--
1.9.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [U-Boot] [PATCH 2/7] LS1043ARDB: Enable PPA in Secure boot defconfig
2017-03-23 8:18 [U-Boot] [PATCH 0/7] Add LS1046 and LS1012 secure boot targets Sumit Garg
2017-03-23 8:18 ` [U-Boot] [PATCH 1/7] SECURE BOOT: Add header address of PPA in kconfig Sumit Garg
@ 2017-03-23 8:18 ` Sumit Garg
2017-03-23 8:18 ` [U-Boot] [PATCH 3/7] SECURE_BOOT: Enable chain of trust on LS1046A platform Sumit Garg
` (5 subsequent siblings)
7 siblings, 0 replies; 15+ messages in thread
From: Sumit Garg @ 2017-03-23 8:18 UTC (permalink / raw)
To: u-boot
From: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>
Enable PPA in secure boot by defining FSL_LS_PPA macro in its defconfig
file.
Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
---
configs/ls1043ardb_SECURE_BOOT_defconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/configs/ls1043ardb_SECURE_BOOT_defconfig b/configs/ls1043ardb_SECURE_BOOT_defconfig
index 6f86877..861d49b 100644
--- a/configs/ls1043ardb_SECURE_BOOT_defconfig
+++ b/configs/ls1043ardb_SECURE_BOOT_defconfig
@@ -3,6 +3,7 @@ CONFIG_TARGET_LS1043ARDB=y
CONFIG_SECURE_BOOT=y
CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1043a-rdb"
CONFIG_FIT=y
+CONFIG_FSL_LS_PPA=y
CONFIG_FIT_VERBOSE=y
CONFIG_OF_BOARD_SETUP=y
CONFIG_BOOTDELAY=10
--
1.9.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [U-Boot] [PATCH 3/7] SECURE_BOOT: Enable chain of trust on LS1046A platform
2017-03-23 8:18 [U-Boot] [PATCH 0/7] Add LS1046 and LS1012 secure boot targets Sumit Garg
2017-03-23 8:18 ` [U-Boot] [PATCH 1/7] SECURE BOOT: Add header address of PPA in kconfig Sumit Garg
2017-03-23 8:18 ` [U-Boot] [PATCH 2/7] LS1043ARDB: Enable PPA in Secure boot defconfig Sumit Garg
@ 2017-03-23 8:18 ` Sumit Garg
2017-03-29 16:45 ` [U-Boot] [u-boot-release] " york sun
2017-03-23 8:18 ` [U-Boot] [PATCH 4/7] LS1046AQDS: Add NOR Secure Boot Target Sumit Garg
` (4 subsequent siblings)
7 siblings, 1 reply; 15+ messages in thread
From: Sumit Garg @ 2017-03-23 8:18 UTC (permalink / raw)
To: u-boot
From: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>
Define bootscript and its header addresses for QSPI target. Also
define PPA header address to enable PPA validation.
Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
---
arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 1 +
arch/arm/include/asm/arch-fsl-layerscape/config.h | 2 +-
arch/arm/include/asm/fsl_secure_boot.h | 18 ++++++++++++++----
3 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
index 10efb8c..fbb6642 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
+++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
@@ -159,6 +159,7 @@ config SYS_LS_PPA_ESBC_ADDR
hex "hdr address of PPA firmware loading from"
depends on FSL_LS_PPA && CHAIN_OF_TRUST
default 0x600c0000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1043A
+ default 0x40740000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1046A
help
If the PPA header firmware locate at XIP flash, such as NOR or
QSPI flash, this address is a directly memory-mapped.
diff --git a/arch/arm/include/asm/arch-fsl-layerscape/config.h b/arch/arm/include/asm/arch-fsl-layerscape/config.h
index b5b08aa..1f22afd 100644
--- a/arch/arm/include/asm/arch-fsl-layerscape/config.h
+++ b/arch/arm/include/asm/arch-fsl-layerscape/config.h
@@ -199,7 +199,7 @@
#define CONFIG_SYS_FSL_IFC_BE
#define CONFIG_SYS_FSL_SFP_VER_3_2
-#define CONFIG_SYS_FSL_SNVS_LE
+#define CONFIG_SYS_FSL_SEC_MON_BE
#define CONFIG_SYS_FSL_SFP_BE
#define CONFIG_SYS_FSL_SRK_LE
#define CONFIG_KEY_REVOCATION
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index a1a3004..423c2c4 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -46,9 +46,10 @@
#endif
-#if defined(CONFIG_LS1043A) || defined(CONFIG_LS2080A)
-/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit
- * Similiarly for LS2080
+#if defined(CONFIG_FSL_LAYERSCAPE)
+/*
+ * For fsl layerscape based platforms, ESBC image Address in Header
+ * is 64 bit.
*/
#define CONFIG_ESBC_ADDR_64BIT
#endif
@@ -90,12 +91,21 @@
#define CONFIG_BS_ADDR_DEVICE 0x00000940
#define CONFIG_BS_HDR_SIZE 0x00000010
#define CONFIG_BS_SIZE 0x00000008
+#elif defined(CONFIG_QSPI_BOOT)
+#ifdef CONFIG_ARCH_LS1046A
+#define CONFIG_BS_HDR_ADDR_DEVICE 0x40780000
+#define CONFIG_BS_ADDR_DEVICE 0x40800000
#else
+#error "Platform not supported"
+#endif
+#define CONFIG_BS_HDR_SIZE 0x00002000
+#define CONFIG_BS_SIZE 0x00001000
+#else /* Default NOR Boot */
#define CONFIG_BS_HDR_ADDR_DEVICE 0x600a0000
#define CONFIG_BS_ADDR_DEVICE 0x60060000
#define CONFIG_BS_HDR_SIZE 0x00002000
#define CONFIG_BS_SIZE 0x00001000
-#endif /* #ifdef CONFIG_SD_BOOT */
+#endif
#define CONFIG_BS_HDR_ADDR_RAM 0x81000000
#define CONFIG_BS_ADDR_RAM 0x81020000
#endif
--
1.9.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [U-Boot] [u-boot-release] [PATCH 3/7] SECURE_BOOT: Enable chain of trust on LS1046A platform
2017-03-23 8:18 ` [U-Boot] [PATCH 3/7] SECURE_BOOT: Enable chain of trust on LS1046A platform Sumit Garg
@ 2017-03-29 16:45 ` york sun
2017-03-29 17:00 ` Sumit Garg
0 siblings, 1 reply; 15+ messages in thread
From: york sun @ 2017-03-29 16:45 UTC (permalink / raw)
To: u-boot
On 03/23/2017 01:19 AM, Sumit Garg wrote:
> From: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>
>
> Define bootscript and its header addresses for QSPI target. Also
> define PPA header address to enable PPA validation.
>
> Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
> Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
> ---
> arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 1 +
> arch/arm/include/asm/arch-fsl-layerscape/config.h | 2 +-
> arch/arm/include/asm/fsl_secure_boot.h | 18 ++++++++++++++----
> 3 files changed, 16 insertions(+), 5 deletions(-)
>
> diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> index 10efb8c..fbb6642 100644
> --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> @@ -159,6 +159,7 @@ config SYS_LS_PPA_ESBC_ADDR
> hex "hdr address of PPA firmware loading from"
> depends on FSL_LS_PPA && CHAIN_OF_TRUST
> default 0x600c0000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1043A
> + default 0x40740000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1046A
Why isn't the offset consistent?
> help
> If the PPA header firmware locate at XIP flash, such as NOR or
> QSPI flash, this address is a directly memory-mapped.
> diff --git a/arch/arm/include/asm/arch-fsl-layerscape/config.h b/arch/arm/include/asm/arch-fsl-layerscape/config.h
> index b5b08aa..1f22afd 100644
> --- a/arch/arm/include/asm/arch-fsl-layerscape/config.h
> +++ b/arch/arm/include/asm/arch-fsl-layerscape/config.h
> @@ -199,7 +199,7 @@
>
> #define CONFIG_SYS_FSL_IFC_BE
> #define CONFIG_SYS_FSL_SFP_VER_3_2
> -#define CONFIG_SYS_FSL_SNVS_LE
> +#define CONFIG_SYS_FSL_SEC_MON_BE
> #define CONFIG_SYS_FSL_SFP_BE
> #define CONFIG_SYS_FSL_SRK_LE
> #define CONFIG_KEY_REVOCATION
> diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
> index a1a3004..423c2c4 100644
> --- a/arch/arm/include/asm/fsl_secure_boot.h
> +++ b/arch/arm/include/asm/fsl_secure_boot.h
> @@ -46,9 +46,10 @@
>
> #endif
>
> -#if defined(CONFIG_LS1043A) || defined(CONFIG_LS2080A)
> -/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit
> - * Similiarly for LS2080
> +#if defined(CONFIG_FSL_LAYERSCAPE)
> +/*
> + * For fsl layerscape based platforms, ESBC image Address in Header
> + * is 64 bit.
> */
> #define CONFIG_ESBC_ADDR_64BIT
> #endif
> @@ -90,12 +91,21 @@
> #define CONFIG_BS_ADDR_DEVICE 0x00000940
> #define CONFIG_BS_HDR_SIZE 0x00000010
> #define CONFIG_BS_SIZE 0x00000008
> +#elif defined(CONFIG_QSPI_BOOT)
> +#ifdef CONFIG_ARCH_LS1046A
> +#define CONFIG_BS_HDR_ADDR_DEVICE 0x40780000
> +#define CONFIG_BS_ADDR_DEVICE 0x40800000
> #else
> +#error "Platform not supported"
> +#endif
> +#define CONFIG_BS_HDR_SIZE 0x00002000
> +#define CONFIG_BS_SIZE 0x00001000
> +#else /* Default NOR Boot */
> #define CONFIG_BS_HDR_ADDR_DEVICE 0x600a0000
> #define CONFIG_BS_ADDR_DEVICE 0x60060000
> #define CONFIG_BS_HDR_SIZE 0x00002000
> #define CONFIG_BS_SIZE 0x00001000
> -#endif /* #ifdef CONFIG_SD_BOOT */
> +#endif
> #define CONFIG_BS_HDR_ADDR_RAM 0x81000000
> #define CONFIG_BS_ADDR_RAM 0x81020000
> #endif
>
Please consider to move these to Kconfig in the future.
York
^ permalink raw reply [flat|nested] 15+ messages in thread
* [U-Boot] [u-boot-release] [PATCH 3/7] SECURE_BOOT: Enable chain of trust on LS1046A platform
2017-03-29 16:45 ` [U-Boot] [u-boot-release] " york sun
@ 2017-03-29 17:00 ` Sumit Garg
0 siblings, 0 replies; 15+ messages in thread
From: Sumit Garg @ 2017-03-29 17:00 UTC (permalink / raw)
To: u-boot
> -----Original Message-----
> From: york sun
> Sent: Wednesday, March 29, 2017 10:16 PM
> To: Sumit Garg <sumit.garg@nxp.com>; u-boot at lists.denx.de
> Cc: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>; Ruchika Gupta
> <ruchika.gupta@nxp.com>; Vini Pillai <vinitha.pillai@nxp.com>
> Subject: Re: [u-boot-release] [PATCH 3/7] SECURE_BOOT: Enable chain of trust
> on LS1046A platform
>
> On 03/23/2017 01:19 AM, Sumit Garg wrote:
> > From: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>
> >
> > Define bootscript and its header addresses for QSPI target. Also
> > define PPA header address to enable PPA validation.
> >
> > Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
> > Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
> > ---
> > arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 1 +
> > arch/arm/include/asm/arch-fsl-layerscape/config.h | 2 +-
> > arch/arm/include/asm/fsl_secure_boot.h | 18 ++++++++++++++----
> > 3 files changed, 16 insertions(+), 5 deletions(-)
> >
> > diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> > b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> > index 10efb8c..fbb6642 100644
> > --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> > +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> > @@ -159,6 +159,7 @@ config SYS_LS_PPA_ESBC_ADDR
> > hex "hdr address of PPA firmware loading from"
> > depends on FSL_LS_PPA && CHAIN_OF_TRUST
> > default 0x600c0000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1043A
> > + default 0x40740000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1046A
>
> Why isn't the offset consistent?
>
> > help
> > If the PPA header firmware locate at XIP flash, such as NOR or
> > QSPI flash, this address is a directly memory-mapped.
> > diff --git a/arch/arm/include/asm/arch-fsl-layerscape/config.h
> > b/arch/arm/include/asm/arch-fsl-layerscape/config.h
> > index b5b08aa..1f22afd 100644
> > --- a/arch/arm/include/asm/arch-fsl-layerscape/config.h
> > +++ b/arch/arm/include/asm/arch-fsl-layerscape/config.h
> > @@ -199,7 +199,7 @@
> >
> > #define CONFIG_SYS_FSL_IFC_BE
> > #define CONFIG_SYS_FSL_SFP_VER_3_2
> > -#define CONFIG_SYS_FSL_SNVS_LE
> > +#define CONFIG_SYS_FSL_SEC_MON_BE
> > #define CONFIG_SYS_FSL_SFP_BE
> > #define CONFIG_SYS_FSL_SRK_LE
> > #define CONFIG_KEY_REVOCATION
> > diff --git a/arch/arm/include/asm/fsl_secure_boot.h
> > b/arch/arm/include/asm/fsl_secure_boot.h
> > index a1a3004..423c2c4 100644
> > --- a/arch/arm/include/asm/fsl_secure_boot.h
> > +++ b/arch/arm/include/asm/fsl_secure_boot.h
> > @@ -46,9 +46,10 @@
> >
> > #endif
> >
> > -#if defined(CONFIG_LS1043A) || defined(CONFIG_LS2080A)
> > -/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit
> > - * Similiarly for LS2080
> > +#if defined(CONFIG_FSL_LAYERSCAPE)
> > +/*
> > + * For fsl layerscape based platforms, ESBC image Address in Header
> > + * is 64 bit.
> > */
> > #define CONFIG_ESBC_ADDR_64BIT
> > #endif
> > @@ -90,12 +91,21 @@
> > #define CONFIG_BS_ADDR_DEVICE 0x00000940
> > #define CONFIG_BS_HDR_SIZE 0x00000010
> > #define CONFIG_BS_SIZE 0x00000008
> > +#elif defined(CONFIG_QSPI_BOOT)
> > +#ifdef CONFIG_ARCH_LS1046A
> > +#define CONFIG_BS_HDR_ADDR_DEVICE 0x40780000
> > +#define CONFIG_BS_ADDR_DEVICE 0x40800000
> > #else
> > +#error "Platform not supported"
> > +#endif
> > +#define CONFIG_BS_HDR_SIZE 0x00002000
> > +#define CONFIG_BS_SIZE 0x00001000
> > +#else /* Default NOR Boot */
> > #define CONFIG_BS_HDR_ADDR_DEVICE 0x600a0000
> > #define CONFIG_BS_ADDR_DEVICE 0x60060000
> > #define CONFIG_BS_HDR_SIZE 0x00002000
> > #define CONFIG_BS_SIZE 0x00001000
> > -#endif /* #ifdef CONFIG_SD_BOOT */
> > +#endif
> > #define CONFIG_BS_HDR_ADDR_RAM 0x81000000
> > #define CONFIG_BS_ADDR_RAM 0x81020000
> > #endif
> >
>
> Please consider to move these to Kconfig in the future.
>
> York
Sure we will move these macros to Kconfig.
Sumit
^ permalink raw reply [flat|nested] 15+ messages in thread
* [U-Boot] [PATCH 4/7] LS1046AQDS: Add NOR Secure Boot Target
2017-03-23 8:18 [U-Boot] [PATCH 0/7] Add LS1046 and LS1012 secure boot targets Sumit Garg
` (2 preceding siblings ...)
2017-03-23 8:18 ` [U-Boot] [PATCH 3/7] SECURE_BOOT: Enable chain of trust on LS1046A platform Sumit Garg
@ 2017-03-23 8:18 ` Sumit Garg
2017-03-23 8:18 ` [U-Boot] [PATCH 5/7] LS1046ARDB: Add QSPI Secure Boot target Sumit Garg
` (3 subsequent siblings)
7 siblings, 0 replies; 15+ messages in thread
From: Sumit Garg @ 2017-03-23 8:18 UTC (permalink / raw)
To: u-boot
Add NOR secure boot target. Also enable sec init.
Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
---
board/freescale/ls1046aqds/MAINTAINERS | 4 ++++
board/freescale/ls1046aqds/ls1046aqds.c | 19 ++++++++++++++++
configs/ls1046aqds_SECURE_BOOT_defconfig | 39 ++++++++++++++++++++++++++++++++
3 files changed, 62 insertions(+)
create mode 100644 configs/ls1046aqds_SECURE_BOOT_defconfig
diff --git a/board/freescale/ls1046aqds/MAINTAINERS b/board/freescale/ls1046aqds/MAINTAINERS
index b4549ae..6737d55 100644
--- a/board/freescale/ls1046aqds/MAINTAINERS
+++ b/board/freescale/ls1046aqds/MAINTAINERS
@@ -8,3 +8,7 @@ F: configs/ls1046aqds_nand_defconfig
F: configs/ls1046aqds_sdcard_ifc_defconfig
F: configs/ls1046aqds_sdcard_qspi_defconfig
F: configs/ls1046aqds_qspi_defconfig
+
+M: Sumit Garg <sumit.garg@nxp.com>
+S: Maintained
+F: configs/ls1046aqds_SECURE_BOOT_defconfig
diff --git a/board/freescale/ls1046aqds/ls1046aqds.c b/board/freescale/ls1046aqds/ls1046aqds.c
index af3f70a..8def6e6 100644
--- a/board/freescale/ls1046aqds/ls1046aqds.c
+++ b/board/freescale/ls1046aqds/ls1046aqds.c
@@ -21,6 +21,7 @@
#include <fsl_csu.h>
#include <fsl_esdhc.h>
#include <fsl_ifc.h>
+#include <fsl_sec.h>
#include <spl.h>
#include "../common/vid.h"
@@ -265,6 +266,24 @@ int board_init(void)
if (adjust_vdd(0))
printf("Warning: Adjusting core voltage failed.\n");
+#ifdef CONFIG_SECURE_BOOT
+ /*
+ * In case of Secure Boot, the IBR configures the SMMU
+ * to allow only Secure transactions.
+ * SMMU must be reset in bypass mode.
+ * Set the ClientPD bit and Clear the USFCFG Bit
+ */
+ u32 val;
+ val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK);
+ out_le32(SMMU_SCR0, val);
+ val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK);
+ out_le32(SMMU_NSCR0, val);
+#endif
+
+#ifdef CONFIG_FSL_CAAM
+ sec_init();
+#endif
+
return 0;
}
diff --git a/configs/ls1046aqds_SECURE_BOOT_defconfig b/configs/ls1046aqds_SECURE_BOOT_defconfig
new file mode 100644
index 0000000..dc16fa0
--- /dev/null
+++ b/configs/ls1046aqds_SECURE_BOOT_defconfig
@@ -0,0 +1,39 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS1046AQDS=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1046a-qds-duart"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_SECURE_BOOT=y
+CONFIG_BOOTDELAY=10
+CONFIG_HUSH_PARSER=y
+CONFIG_CMD_BOOTZ=y
+CONFIG_CMD_GREPENV=y
+CONFIG_CMD_MEMTEST=y
+CONFIG_CMD_MEMINFO=y
+CONFIG_CMD_GPT=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_MII=y
+CONFIG_CMD_PING=y
+CONFIG_CMD_CACHE=y
+CONFIG_CMD_EXT2=y
+CONFIG_CMD_FAT=y
+CONFIG_OF_CONTROL=y
+CONFIG_DM=y
+CONFIG_MTD_NOR_FLASH=y
+CONFIG_SPI_FLASH=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_PCIE_LAYERSCAPE=y
+CONFIG_SYS_NS16550=y
+CONFIG_DM_SPI=y
+CONFIG_FSL_DSPI=y
+CONFIG_USB=y
+CONFIG_DM_USB=y
+CONFIG_RSA=y
--
1.9.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [U-Boot] [PATCH 5/7] LS1046ARDB: Add QSPI Secure Boot target
2017-03-23 8:18 [U-Boot] [PATCH 0/7] Add LS1046 and LS1012 secure boot targets Sumit Garg
` (3 preceding siblings ...)
2017-03-23 8:18 ` [U-Boot] [PATCH 4/7] LS1046AQDS: Add NOR Secure Boot Target Sumit Garg
@ 2017-03-23 8:18 ` Sumit Garg
2017-03-23 8:18 ` [U-Boot] [PATCH 6/7] SECURE_BOOT: Enable chain of trust on LS1012A platform Sumit Garg
` (2 subsequent siblings)
7 siblings, 0 replies; 15+ messages in thread
From: Sumit Garg @ 2017-03-23 8:18 UTC (permalink / raw)
To: u-boot
From: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>
Add QSPI Secure Boot target. Also enable sec init.
Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
---
board/freescale/ls1046ardb/Kconfig | 2 +-
board/freescale/ls1046ardb/MAINTAINERS | 4 +++
board/freescale/ls1046ardb/ls1046ardb.c | 19 ++++++++++++++
configs/ls1046ardb_qspi_SECURE_BOOT_defconfig | 37 +++++++++++++++++++++++++++
include/configs/ls1046ardb.h | 2 ++
5 files changed, 63 insertions(+), 1 deletion(-)
create mode 100644 configs/ls1046ardb_qspi_SECURE_BOOT_defconfig
diff --git a/board/freescale/ls1046ardb/Kconfig b/board/freescale/ls1046ardb/Kconfig
index a62255c..b9f2ed7 100644
--- a/board/freescale/ls1046ardb/Kconfig
+++ b/board/freescale/ls1046ardb/Kconfig
@@ -12,5 +12,5 @@ config SYS_SOC
config SYS_CONFIG_NAME
default "ls1046ardb"
-
+source "board/freescale/common/Kconfig"
endif
diff --git a/board/freescale/ls1046ardb/MAINTAINERS b/board/freescale/ls1046ardb/MAINTAINERS
index ff42bef..758ff9d 100644
--- a/board/freescale/ls1046ardb/MAINTAINERS
+++ b/board/freescale/ls1046ardb/MAINTAINERS
@@ -7,3 +7,7 @@ F: include/configs/ls1046ardb.h
F: configs/ls1046ardb_qspi_defconfig
F: configs/ls1046ardb_sdcard_defconfig
F: configs/ls1046ardb_emmc_defconfig
+
+M: Sumit Garg <sumit.garg@nxp.com>
+S: Maintained
+F: configs/ls1046ardb_qspi_SECURE_BOOT_defconfig
diff --git a/board/freescale/ls1046ardb/ls1046ardb.c b/board/freescale/ls1046ardb/ls1046ardb.c
index 02b6c4c..df69dcf 100644
--- a/board/freescale/ls1046ardb/ls1046ardb.c
+++ b/board/freescale/ls1046ardb/ls1046ardb.c
@@ -21,6 +21,7 @@
#include <fsl_esdhc.h>
#include <power/mc34vr500_pmic.h>
#include "cpld.h"
+#include <fsl_sec.h>
DECLARE_GLOBAL_DATA_PTR;
@@ -71,6 +72,24 @@ int board_init(void)
enable_layerscape_ns_access();
#endif
+#ifdef CONFIG_SECURE_BOOT
+ /*
+ * In case of Secure Boot, the IBR configures the SMMU
+ * to allow only Secure transactions.
+ * SMMU must be reset in bypass mode.
+ * Set the ClientPD bit and Clear the USFCFG Bit
+ */
+ u32 val;
+ val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK);
+ out_le32(SMMU_SCR0, val);
+ val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK);
+ out_le32(SMMU_NSCR0, val);
+#endif
+
+#ifdef CONFIG_FSL_CAAM
+ sec_init();
+#endif
+
#ifdef CONFIG_FSL_LS_PPA
ppa_init();
#endif
diff --git a/configs/ls1046ardb_qspi_SECURE_BOOT_defconfig b/configs/ls1046ardb_qspi_SECURE_BOOT_defconfig
new file mode 100644
index 0000000..af14e19
--- /dev/null
+++ b/configs/ls1046ardb_qspi_SECURE_BOOT_defconfig
@@ -0,0 +1,37 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS1046ARDB=y
+CONFIG_FSL_LS_PPA=y
+CONFIG_QSPI_AHB_INIT=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1046a-rdb"
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_QSPI_BOOT=y
+CONFIG_SECURE_BOOT=y
+CONFIG_BOOTDELAY=10
+CONFIG_HUSH_PARSER=y
+# CONFIG_CMD_IMLS is not set
+CONFIG_CMD_GPT=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_MII=y
+CONFIG_CMD_PING=y
+CONFIG_CMD_CACHE=y
+CONFIG_CMD_EXT2=y
+CONFIG_CMD_FAT=y
+CONFIG_OF_CONTROL=y
+CONFIG_DM=y
+CONFIG_SPI_FLASH=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_PCIE_LAYERSCAPE=y
+CONFIG_SYS_NS16550=y
+CONFIG_DM_SPI=y
+CONFIG_FSL_QSPI=y
+CONFIG_USB=y
+CONFIG_DM_USB=y
+CONFIG_RSA=y
diff --git a/include/configs/ls1046ardb.h b/include/configs/ls1046ardb.h
index 2141b82..196db81 100644
--- a/include/configs/ls1046ardb.h
+++ b/include/configs/ls1046ardb.h
@@ -239,4 +239,6 @@
"7e800000.flash:16m(nand_uboot)," \
"48m(nand_kernel),448m(nand_free)"
+#include <asm/fsl_secure_boot.h>
+
#endif /* __LS1046ARDB_H__ */
--
1.9.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [U-Boot] [PATCH 6/7] SECURE_BOOT: Enable chain of trust on LS1012A platform
2017-03-23 8:18 [U-Boot] [PATCH 0/7] Add LS1046 and LS1012 secure boot targets Sumit Garg
` (4 preceding siblings ...)
2017-03-23 8:18 ` [U-Boot] [PATCH 5/7] LS1046ARDB: Add QSPI Secure Boot target Sumit Garg
@ 2017-03-23 8:18 ` Sumit Garg
2017-03-29 16:50 ` york sun
2017-03-23 8:18 ` [U-Boot] [PATCH 7/7] LS1012ARDB: Add QSPI Secure Boot target Sumit Garg
2017-04-18 15:36 ` [U-Boot] [PATCH 0/7] Add LS1046 and LS1012 secure boot targets York Sun
7 siblings, 1 reply; 15+ messages in thread
From: Sumit Garg @ 2017-03-23 8:18 UTC (permalink / raw)
To: u-boot
From: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>
Define bootscript and its header addresses for QSPI target
Also add PPA header address in Kconfig
Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
---
arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 1 +
arch/arm/include/asm/arch-fsl-layerscape/config.h | 7 ++++++-
arch/arm/include/asm/fsl_secure_boot.h | 3 +++
3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
index fbb6642..03bc9ea 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
+++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
@@ -160,6 +160,7 @@ config SYS_LS_PPA_ESBC_ADDR
depends on FSL_LS_PPA && CHAIN_OF_TRUST
default 0x600c0000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1043A
default 0x40740000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1046A
+ default 0x40480000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A
help
If the PPA header firmware locate at XIP flash, such as NOR or
QSPI flash, this address is a directly memory-mapped.
diff --git a/arch/arm/include/asm/arch-fsl-layerscape/config.h b/arch/arm/include/asm/arch-fsl-layerscape/config.h
index 1f22afd..4db11b6 100644
--- a/arch/arm/include/asm/arch-fsl-layerscape/config.h
+++ b/arch/arm/include/asm/arch-fsl-layerscape/config.h
@@ -185,7 +185,12 @@
#elif defined(CONFIG_ARCH_LS1012A)
#define GICD_BASE 0x01401000
#define GICC_BASE 0x01402000
-
+#define CONFIG_SYS_FSL_SFP_VER_3_2
+#define CONFIG_SYS_FSL_SEC_MON_BE
+#define CONFIG_SYS_FSL_SFP_BE
+#define CONFIG_SYS_FSL_SRK_LE
+#define CONFIG_KEY_REVOCATION
+#define CONFIG_SYS_FSL_MAX_NUM_OF_SEC 1
#define CONFIG_SYS_DDR_BLOCK1_SIZE ((phys_size_t)2 << 30)
#define CONFIG_MAX_MEM_MAPPED CONFIG_SYS_DDR_BLOCK1_SIZE
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index 423c2c4..69cd35d 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -95,6 +95,9 @@
#ifdef CONFIG_ARCH_LS1046A
#define CONFIG_BS_HDR_ADDR_DEVICE 0x40780000
#define CONFIG_BS_ADDR_DEVICE 0x40800000
+#elif defined(CONFIG_ARCH_LS1012A)
+#define CONFIG_BS_HDR_ADDR_DEVICE 0x400c0000
+#define CONFIG_BS_ADDR_DEVICE 0x40060000
#else
#error "Platform not supported"
#endif
--
1.9.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [U-Boot] [PATCH 6/7] SECURE_BOOT: Enable chain of trust on LS1012A platform
2017-03-23 8:18 ` [U-Boot] [PATCH 6/7] SECURE_BOOT: Enable chain of trust on LS1012A platform Sumit Garg
@ 2017-03-29 16:50 ` york sun
2017-03-29 17:01 ` Sumit Garg
0 siblings, 1 reply; 15+ messages in thread
From: york sun @ 2017-03-29 16:50 UTC (permalink / raw)
To: u-boot
On 03/23/2017 01:19 AM, Sumit Garg wrote:
> From: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>
>
> Define bootscript and its header addresses for QSPI target
> Also add PPA header address in Kconfig
>
> Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
> Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
> ---
> arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 1 +
> arch/arm/include/asm/arch-fsl-layerscape/config.h | 7 ++++++-
> arch/arm/include/asm/fsl_secure_boot.h | 3 +++
> 3 files changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> index fbb6642..03bc9ea 100644
> --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> @@ -160,6 +160,7 @@ config SYS_LS_PPA_ESBC_ADDR
> depends on FSL_LS_PPA && CHAIN_OF_TRUST
> default 0x600c0000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1043A
> default 0x40740000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1046A
> + default 0x40480000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A
This one has another different offset. Why?
York
^ permalink raw reply [flat|nested] 15+ messages in thread
* [U-Boot] [PATCH 6/7] SECURE_BOOT: Enable chain of trust on LS1012A platform
2017-03-29 16:50 ` york sun
@ 2017-03-29 17:01 ` Sumit Garg
2017-03-29 17:03 ` york sun
0 siblings, 1 reply; 15+ messages in thread
From: Sumit Garg @ 2017-03-29 17:01 UTC (permalink / raw)
To: u-boot
> -----Original Message-----
> From: york sun
> Sent: Wednesday, March 29, 2017 10:20 PM
> To: Sumit Garg <sumit.garg@nxp.com>; u-boot at lists.denx.de
> Cc: Ruchika Gupta <ruchika.gupta@nxp.com>; Prabhakar Kushwaha
> <prabhakar.kushwaha@nxp.com>; Vini Pillai <vinitha.pillai@nxp.com>
> Subject: Re: [PATCH 6/7] SECURE_BOOT: Enable chain of trust on LS1012A
> platform
>
> On 03/23/2017 01:19 AM, Sumit Garg wrote:
> > From: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>
> >
> > Define bootscript and its header addresses for QSPI target Also add
> > PPA header address in Kconfig
> >
> > Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
> > Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
> > ---
> > arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 1 +
> > arch/arm/include/asm/arch-fsl-layerscape/config.h | 7 ++++++-
> > arch/arm/include/asm/fsl_secure_boot.h | 3 +++
> > 3 files changed, 10 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> > b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> > index fbb6642..03bc9ea 100644
> > --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> > +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> > @@ -160,6 +160,7 @@ config SYS_LS_PPA_ESBC_ADDR
> > depends on FSL_LS_PPA && CHAIN_OF_TRUST
> > default 0x600c0000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1043A
> > default 0x40740000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1046A
> > + default 0x40480000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A
>
> This one has another different offset. Why?
>
> York
This is due to difference in memory map for LS1012A and LS1046A in SDK.
Sumit
^ permalink raw reply [flat|nested] 15+ messages in thread
* [U-Boot] [PATCH 6/7] SECURE_BOOT: Enable chain of trust on LS1012A platform
2017-03-29 17:01 ` Sumit Garg
@ 2017-03-29 17:03 ` york sun
2017-03-29 17:06 ` Sumit Garg
0 siblings, 1 reply; 15+ messages in thread
From: york sun @ 2017-03-29 17:03 UTC (permalink / raw)
To: u-boot
On 03/29/2017 10:01 AM, Sumit Garg wrote:
>> -----Original Message-----
>> From: york sun
>> Sent: Wednesday, March 29, 2017 10:20 PM
>> To: Sumit Garg <sumit.garg@nxp.com>; u-boot at lists.denx.de
>> Cc: Ruchika Gupta <ruchika.gupta@nxp.com>; Prabhakar Kushwaha
>> <prabhakar.kushwaha@nxp.com>; Vini Pillai <vinitha.pillai@nxp.com>
>> Subject: Re: [PATCH 6/7] SECURE_BOOT: Enable chain of trust on LS1012A
>> platform
>>
>> On 03/23/2017 01:19 AM, Sumit Garg wrote:
>>> From: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>
>>>
>>> Define bootscript and its header addresses for QSPI target Also add
>>> PPA header address in Kconfig
>>>
>>> Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
>>> Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
>>> ---
>>> arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 1 +
>>> arch/arm/include/asm/arch-fsl-layerscape/config.h | 7 ++++++-
>>> arch/arm/include/asm/fsl_secure_boot.h | 3 +++
>>> 3 files changed, 10 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
>>> b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
>>> index fbb6642..03bc9ea 100644
>>> --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
>>> +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
>>> @@ -160,6 +160,7 @@ config SYS_LS_PPA_ESBC_ADDR
>>> depends on FSL_LS_PPA && CHAIN_OF_TRUST
>>> default 0x600c0000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1043A
>>> default 0x40740000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1046A
>>> + default 0x40480000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A
>>
>> This one has another different offset. Why?
>>
>> York
>
> This is due to difference in memory map for LS1012A and LS1046A in SDK.
I can take it for now. Please consider to consolidate the memory map
down the road.
York
^ permalink raw reply [flat|nested] 15+ messages in thread
* [U-Boot] [PATCH 6/7] SECURE_BOOT: Enable chain of trust on LS1012A platform
2017-03-29 17:03 ` york sun
@ 2017-03-29 17:06 ` Sumit Garg
0 siblings, 0 replies; 15+ messages in thread
From: Sumit Garg @ 2017-03-29 17:06 UTC (permalink / raw)
To: u-boot
> -----Original Message-----
> From: york sun
> Sent: Wednesday, March 29, 2017 10:33 PM
> To: Sumit Garg <sumit.garg@nxp.com>; u-boot at lists.denx.de
> Cc: Ruchika Gupta <ruchika.gupta@nxp.com>; Prabhakar Kushwaha
> <prabhakar.kushwaha@nxp.com>; Vini Pillai <vinitha.pillai@nxp.com>
> Subject: Re: [PATCH 6/7] SECURE_BOOT: Enable chain of trust on LS1012A
> platform
>
> On 03/29/2017 10:01 AM, Sumit Garg wrote:
> >> -----Original Message-----
> >> From: york sun
> >> Sent: Wednesday, March 29, 2017 10:20 PM
> >> To: Sumit Garg <sumit.garg@nxp.com>; u-boot at lists.denx.de
> >> Cc: Ruchika Gupta <ruchika.gupta@nxp.com>; Prabhakar Kushwaha
> >> <prabhakar.kushwaha@nxp.com>; Vini Pillai <vinitha.pillai@nxp.com>
> >> Subject: Re: [PATCH 6/7] SECURE_BOOT: Enable chain of trust on
> >> LS1012A platform
> >>
> >> On 03/23/2017 01:19 AM, Sumit Garg wrote:
> >>> From: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>
> >>>
> >>> Define bootscript and its header addresses for QSPI target Also add
> >>> PPA header address in Kconfig
> >>>
> >>> Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
> >>> Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
> >>> ---
> >>> arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 1 +
> >>> arch/arm/include/asm/arch-fsl-layerscape/config.h | 7 ++++++-
> >>> arch/arm/include/asm/fsl_secure_boot.h | 3 +++
> >>> 3 files changed, 10 insertions(+), 1 deletion(-)
> >>>
> >>> diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> >>> b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> >>> index fbb6642..03bc9ea 100644
> >>> --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> >>> +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> >>> @@ -160,6 +160,7 @@ config SYS_LS_PPA_ESBC_ADDR
> >>> depends on FSL_LS_PPA && CHAIN_OF_TRUST
> >>> default 0x600c0000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1043A
> >>> default 0x40740000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1046A
> >>> + default 0x40480000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A
> >>
> >> This one has another different offset. Why?
> >>
> >> York
> >
> > This is due to difference in memory map for LS1012A and LS1046A in SDK.
>
> I can take it for now. Please consider to consolidate the memory map down the
> road.
>
> York
Going forward in DASH or LSDK, memory maps will be consolidated. Then we will remove this difference.
Sumit
^ permalink raw reply [flat|nested] 15+ messages in thread
* [U-Boot] [PATCH 7/7] LS1012ARDB: Add QSPI Secure Boot target
2017-03-23 8:18 [U-Boot] [PATCH 0/7] Add LS1046 and LS1012 secure boot targets Sumit Garg
` (5 preceding siblings ...)
2017-03-23 8:18 ` [U-Boot] [PATCH 6/7] SECURE_BOOT: Enable chain of trust on LS1012A platform Sumit Garg
@ 2017-03-23 8:18 ` Sumit Garg
2017-04-18 15:36 ` [U-Boot] [PATCH 0/7] Add LS1046 and LS1012 secure boot targets York Sun
7 siblings, 0 replies; 15+ messages in thread
From: Sumit Garg @ 2017-03-23 8:18 UTC (permalink / raw)
To: u-boot
From: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>
Add QSPI Secure Boot target to enable chain of trust
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
Reviewed-by: Ruchika Gupta <ruchika.gupta@nxp.com>
---
board/freescale/ls1012ardb/MAINTAINERS | 4 +++
board/freescale/ls1012ardb/ls1012ardb.c | 5 +++
configs/ls1012ardb_qspi_SECURE_BOOT_defconfig | 48 +++++++++++++++++++++++++++
include/configs/ls1012a_common.h | 2 --
include/configs/ls1012ardb.h | 3 ++
5 files changed, 60 insertions(+), 2 deletions(-)
create mode 100644 configs/ls1012ardb_qspi_SECURE_BOOT_defconfig
diff --git a/board/freescale/ls1012ardb/MAINTAINERS b/board/freescale/ls1012ardb/MAINTAINERS
index 79a2a7d..2cb38e7 100644
--- a/board/freescale/ls1012ardb/MAINTAINERS
+++ b/board/freescale/ls1012ardb/MAINTAINERS
@@ -4,3 +4,7 @@ S: Maintained
F: board/freescale/ls1012ardb/
F: include/configs/ls1012ardb.h
F: configs/ls1012ardb_qspi_defconfig
+
+M: Sumit Garg <sumit.garg@nxp.com>
+S: Maintained
+F: configs/ls1012ardb_qspi_SECURE_BOOT_defconfig
diff --git a/board/freescale/ls1012ardb/ls1012ardb.c b/board/freescale/ls1012ardb/ls1012ardb.c
index a23a23b..a21e4c4 100644
--- a/board/freescale/ls1012ardb/ls1012ardb.c
+++ b/board/freescale/ls1012ardb/ls1012ardb.c
@@ -22,6 +22,7 @@
#include <environment.h>
#include <fsl_mmdc.h>
#include <netdev.h>
+#include <fsl_sec.h>
DECLARE_GLOBAL_DATA_PTR;
@@ -118,6 +119,10 @@ int board_init(void)
gd->env_addr = (ulong)&default_environment[0];
#endif
+#ifdef CONFIG_FSL_CAAM
+ sec_init();
+#endif
+
#ifdef CONFIG_FSL_LS_PPA
ppa_init();
#endif
diff --git a/configs/ls1012ardb_qspi_SECURE_BOOT_defconfig b/configs/ls1012ardb_qspi_SECURE_BOOT_defconfig
new file mode 100644
index 0000000..97f49d5
--- /dev/null
+++ b/configs/ls1012ardb_qspi_SECURE_BOOT_defconfig
@@ -0,0 +1,48 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS1012ARDB=y
+CONFIG_SYS_EXTRA_OPTIONS="QSPI_BOOT"
+# CONFIG_CMD_IMLS is not set
+CONFIG_SYS_NS16550=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1012a-rdb"
+CONFIG_FSL_LS_PPA=y
+CONFIG_OF_CONTROL=y
+CONFIG_DM=y
+CONFIG_SPI_FLASH=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_SECURE_BOOT=y
+CONFIG_QSPI_BOOT=y
+CONFIG_BOOTDELAY=10
+CONFIG_HUSH_PARSER=y
+CONFIG_CMD_GREPENV=y
+CONFIG_CMD_GPT=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_USB=y
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_MII=y
+CONFIG_CMD_PING=y
+CONFIG_CMD_CACHE=y
+CONFIG_CMD_EXT2=y
+CONFIG_CMD_FAT=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_PCIE_LAYERSCAPE=y
+CONFIG_DM_SPI=y
+CONFIG_FSL_DSPI=y
+CONFIG_USB=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_XHCI_DWC3=y
+CONFIG_USB_STORAGE=y
+CONFIG_RSA=y
+CONFIG_RSA_SOFTWARE_EXP=y
diff --git a/include/configs/ls1012a_common.h b/include/configs/ls1012a_common.h
index af07672..c36736f 100644
--- a/include/configs/ls1012a_common.h
+++ b/include/configs/ls1012a_common.h
@@ -122,6 +122,4 @@
#define CONFIG_PANIC_HANG
#define CONFIG_SYS_BOOTM_LEN (64 << 20) /* Increase max gunzip size */
-#include <asm/fsl_secure_boot.h>
-
#endif /* __LS1012A_COMMON_H */
diff --git a/include/configs/ls1012ardb.h b/include/configs/ls1012ardb.h
index 70d3a71..276fe10 100644
--- a/include/configs/ls1012ardb.h
+++ b/include/configs/ls1012ardb.h
@@ -74,4 +74,7 @@
#define CONFIG_SYS_MEMTEST_START 0x80000000
#define CONFIG_SYS_MEMTEST_END 0x9fffffff
+
+#include <asm/fsl_secure_boot.h>
+
#endif /* __LS1012ARDB_H__ */
--
1.9.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [U-Boot] [PATCH 0/7] Add LS1046 and LS1012 secure boot targets
2017-03-23 8:18 [U-Boot] [PATCH 0/7] Add LS1046 and LS1012 secure boot targets Sumit Garg
` (6 preceding siblings ...)
2017-03-23 8:18 ` [U-Boot] [PATCH 7/7] LS1012ARDB: Add QSPI Secure Boot target Sumit Garg
@ 2017-04-18 15:36 ` York Sun
7 siblings, 0 replies; 15+ messages in thread
From: York Sun @ 2017-04-18 15:36 UTC (permalink / raw)
To: u-boot
On 03/23/2017 01:18 AM, Sumit Garg wrote:
> Purpose of patchset:
> --------------------
> 1. This consolidated patchset supersedes earlier patchset for LS1046
> and LS1012 secure boot target addition patchsets as they have inter-
> dependency.
> 2. Rebased and incorporated review comments.
> 3. Enabling PPA in secure boot via Kconfig option similar to non-secure
> boot for LS1043, LS1012 and LS1046.
>
Applied to u-boot-fsl-qoriq master, awaiting upstream. Thanks.
York
^ permalink raw reply [flat|nested] 15+ messages in thread