[U-Boot] [PATCH v1 0/9] Enable falcon boot for LS1043ARDB SDCARD boot

[U-Boot] [PATCH v1 0/9] Enable falcon boot for LS1043ARDB SDCARD boot

[York Sun]

With two previous sets, "Add FIT support for falcon boot" and "Enable
PPA in SPL for ARMv8 Layerscape SoCs", this set enables falcon boot
for LS1043ARDB SDCARD boot and related secure boot.


Ruchika Gupta (2):
  fsl: secure boot: Remove dependency of command line for fsl_validate.c
  fsl: secure boot: Add fsl_rsa_modexp_raw function for scenarios
    without DM model

York Sun (7):
  armv8: ls1043ardb: Use static DDR setting for SPL secure boot
  armv8: layerscape: Eanble falcon boot
  armv8: ls1043ardb_sdcard: Enable falcon boot
  crypto: fsl: Allocate memory for descriptor from main memory
  armv8: fsl-layerscape: Enable secure boot valiation for SPL boot
  armv8: layerscape: falcon: Implement FIT image validation
  armv8: ls1043ardb: Enable loading PPA and falcon boot for SD secure
    boot

 .../arm/cpu/armv8/fsl-layerscape/doc/README.falcon | 86 ++++++++++++++++++++++
 arch/arm/cpu/armv8/fsl-layerscape/spl.c            | 58 +++++++++++++++
 arch/arm/include/asm/fsl_secure_boot.h             |  5 +-
 arch/arm/include/asm/system.h                      |  2 +-
 arch/arm/lib/spl.c                                 | 11 +++
 board/freescale/common/Makefile                    |  5 +-
 board/freescale/common/fsl_validate.c              | 19 +++--
 board/freescale/ls1043ardb/ddr.c                   | 46 ++++++++++++
 board/freescale/ls1043ardb/ddr.h                   | 67 +++++++++++++++++
 configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig    | 10 ++-
 configs/ls1043ardb_sdcard_defconfig                |  8 +-
 drivers/crypto/fsl/fsl_rsa.c                       | 43 ++++++++++-
 include/configs/ls1043a_common.h                   |  9 ++-
 include/configs/ls1043ardb.h                       | 14 +++-
 14 files changed, 360 insertions(+), 23 deletions(-)
 create mode 100644 arch/arm/cpu/armv8/fsl-layerscape/doc/README.falcon

-- 
2.7.4

[U-Boot] [PATCH v1 1/9] armv8: ls1043ardb: Use static DDR setting for SPL secure boot

[York Sun]

This board has soldered DDR chips. To reduce the SPL image size for
secure boot, use static DDR setting instead of dynamic DDR driver.

Signed-off-by: York Sun <york.sun@nxp.com>
---

 board/freescale/ls1043ardb/ddr.c | 46 +++++++++++++++++++++++++++
 board/freescale/ls1043ardb/ddr.h | 67 ++++++++++++++++++++++++++++++++++++++++
 include/configs/ls1043ardb.h     |  8 +++--
 3 files changed, 118 insertions(+), 3 deletions(-)

diff --git a/board/freescale/ls1043ardb/ddr.c b/board/freescale/ls1043ardb/ddr.c
index 36d27ec..a3f1767 100644
--- a/board/freescale/ls1043ardb/ddr.c
+++ b/board/freescale/ls1043ardb/ddr.c
@@ -168,18 +168,64 @@ int fsl_ddr_get_dimm_params(dimm_params_t *pdimm,
 
 	return 0;
 }
+#else
+
+phys_size_t fixed_sdram(void)
+{
+	int i;
+	char buf[32];
+	fsl_ddr_cfg_regs_t ddr_cfg_regs;
+	phys_size_t ddr_size;
+	ulong ddr_freq, ddr_freq_mhz;
+
+	ddr_freq = get_ddr_freq(0);
+	ddr_freq_mhz = ddr_freq / 1000000;
+
+	printf("Configuring DDR for %s MT/s data rate\n",
+	       strmhz(buf, ddr_freq));
+
+	for (i = 0; fixed_ddr_parm_0[i].max_freq > 0; i++) {
+		if ((ddr_freq_mhz > fixed_ddr_parm_0[i].min_freq) &&
+		    (ddr_freq_mhz <= fixed_ddr_parm_0[i].max_freq)) {
+			memcpy(&ddr_cfg_regs,
+			       fixed_ddr_parm_0[i].ddr_settings,
+			       sizeof(ddr_cfg_regs));
+			break;
+		}
+	}
+
+	if (fixed_ddr_parm_0[i].max_freq == 0)
+		panic("Unsupported DDR data rate %s MT/s data rate\n",
+		      strmhz(buf, ddr_freq));
+
+	ddr_size = (phys_size_t) 2048 * 1024 * 1024;
+	fsl_ddr_set_memctl_regs(&ddr_cfg_regs, 0, 0);
+
+	return ddr_size;
+}
 #endif
 
 int fsl_initdram(void)
 {
 	phys_size_t dram_size;
 
+#ifdef CONFIG_SYS_DDR_RAW_TIMING
 #if defined(CONFIG_SPL_BUILD) || !defined(CONFIG_SPL)
 	puts("Initializing DDR....\n");
 	dram_size = fsl_ddr_sdram();
 #else
 	dram_size =  fsl_ddr_sdram_size();
 #endif
+#else
+#if defined(CONFIG_SPL_BUILD) || !defined(CONFIG_SPL)
+	puts("Initialzing DDR using fixed setting\n");
+	dram_size = fixed_sdram();
+#else
+	gd->ram_size = 0x80000000;
+
+	return 0;
+#endif
+#endif
 	erratum_a008850_post();
 
 #ifdef CONFIG_FSL_DEEP_SLEEP
diff --git a/board/freescale/ls1043ardb/ddr.h b/board/freescale/ls1043ardb/ddr.h
index a77ddf3..926eff8 100644
--- a/board/freescale/ls1043ardb/ddr.h
+++ b/board/freescale/ls1043ardb/ddr.h
@@ -45,4 +45,71 @@ static const struct board_specific_parameters *udimms[] = {
 	udimm0,
 };
 
+#ifndef CONFIG_SYS_DDR_RAW_TIMING
+fsl_ddr_cfg_regs_t ddr_cfg_regs_1600 = {
+	.cs[0].bnds = 0x0000007F,
+	.cs[1].bnds = 0,
+	.cs[2].bnds = 0,
+	.cs[3].bnds = 0,
+	.cs[0].config = 0x80040322,
+	.cs[0].config_2 = 0,
+	.cs[1].config = 0,
+	.cs[1].config_2 = 0,
+	.cs[2].config = 0,
+	.cs[3].config = 0,
+	.timing_cfg_3 = 0x010C1000,
+	.timing_cfg_0 = 0x91550018,
+	.timing_cfg_1 = 0xBBB48C42,
+	.timing_cfg_2 = 0x0048C111,
+	.ddr_sdram_cfg = 0xC50C0008,
+	.ddr_sdram_cfg_2 = 0x00401100,
+	.ddr_sdram_cfg_3 = 0,
+	.ddr_sdram_mode = 0x03010210,
+	.ddr_sdram_mode_2 = 0,
+	.ddr_sdram_mode_3 = 0x00010210,
+	.ddr_sdram_mode_4 = 0,
+	.ddr_sdram_mode_5 = 0x00010210,
+	.ddr_sdram_mode_6 = 0,
+	.ddr_sdram_mode_7 = 0x00010210,
+	.ddr_sdram_mode_8 = 0,
+	.ddr_sdram_mode_9 = 0x00000500,
+	.ddr_sdram_mode_10 = 0x04000000,
+	.ddr_sdram_mode_11 = 0x00000400,
+	.ddr_sdram_mode_12 = 0x04000000,
+	.ddr_sdram_mode_13 = 0x00000400,
+	.ddr_sdram_mode_14 = 0x04000000,
+	.ddr_sdram_mode_15 = 0x00000400,
+	.ddr_sdram_mode_16 = 0x04000000,
+	.ddr_sdram_interval = 0x18600618,
+	.ddr_data_init = 0xDEADBEEF,
+	.ddr_sdram_clk_cntl = 0x03000000,
+	.ddr_init_addr = 0,
+	.ddr_init_ext_addr = 0,
+	.timing_cfg_4 = 0x00000002,
+	.timing_cfg_5 = 0x03401400,
+	.timing_cfg_6 = 0,
+	.timing_cfg_7 = 0x13300000,
+	.timing_cfg_8 = 0x02115600,
+	.timing_cfg_9 = 0,
+	.ddr_zq_cntl = 0x8A090705,
+	.ddr_wrlvl_cntl = 0x8675F607,
+	.ddr_wrlvl_cntl_2 = 0x07090800,
+	.ddr_wrlvl_cntl_3 = 0,
+	.ddr_sr_cntr = 0,
+	.ddr_sdram_rcw_1 = 0,
+	.ddr_sdram_rcw_2 = 0,
+	.ddr_cdr1 = 0x80040000,
+	.ddr_cdr2 = 0x0000A181,
+	.dq_map_0 = 0,
+	.dq_map_1 = 0,
+	.dq_map_2 = 0,
+	.dq_map_3 = 0,
+	.debug[28] = 0x00700046,
+
+};
+fixed_ddr_parm_t fixed_ddr_parm_0[] = {
+	{1550, 1650, &ddr_cfg_regs_1600},
+	{0, 0, NULL}
+};
+#endif
 #endif
diff --git a/include/configs/ls1043ardb.h b/include/configs/ls1043ardb.h
index 5e570cd..7bac8b6 100644
--- a/include/configs/ls1043ardb.h
+++ b/include/configs/ls1043ardb.h
@@ -28,13 +28,15 @@
 
 #define CONFIG_SYS_SPD_BUS_NUM		0
 
-#define CONFIG_FSL_DDR_BIST
 #ifndef CONFIG_SPL
-#define CONFIG_FSL_DDR_INTERACTIVE	/* Interactive debugging */
-#endif
+#ifndef CONFIG_SECURE_BOOT
 #define CONFIG_SYS_DDR_RAW_TIMING
+#endif
+#define CONFIG_FSL_DDR_INTERACTIVE	/* Interactive debugging */
+#define CONFIG_FSL_DDR_BIST
 #define CONFIG_ECC_INIT_VIA_DDRCONTROLLER
 #define CONFIG_MEM_INIT_VALUE           0xdeadbeef
+#endif
 
 #ifdef CONFIG_RAMBOOT_PBL
 #define CONFIG_SYS_FSL_PBL_PBI board/freescale/ls1043ardb/ls1043ardb_pbi.cfg
-- 
2.7.4

[U-Boot] [PATCH v1 2/9] armv8: layerscape: Eanble falcon boot

[York Sun]

Add jump_to_image_linux() for arm64. Add "noreturn" flag to
armv8_switch_to_el2(). Add hooks to fsl-layerscape to enable falcon
boot.

Signed-off-by: York Sun <york.sun@nxp.com>
---

 .../arm/cpu/armv8/fsl-layerscape/doc/README.falcon | 86 ++++++++++++++++++++++
 arch/arm/cpu/armv8/fsl-layerscape/spl.c            | 29 ++++++++
 arch/arm/include/asm/system.h                      |  2 +-
 arch/arm/lib/spl.c                                 | 11 +++
 4 files changed, 127 insertions(+), 1 deletion(-)
 create mode 100644 arch/arm/cpu/armv8/fsl-layerscape/doc/README.falcon

diff --git a/arch/arm/cpu/armv8/fsl-layerscape/doc/README.falcon b/arch/arm/cpu/armv8/fsl-layerscape/doc/README.falcon
new file mode 100644
index 0000000..bacff27
--- /dev/null
+++ b/arch/arm/cpu/armv8/fsl-layerscape/doc/README.falcon
@@ -0,0 +1,86 @@
+Falcon boot option
+------------------
+Falcon boot is a short cut boot method for SD/eMMC targets. It skips loading the
+RAM version U-Boot. Instead, it loads FIT image and boot directly to Linux.
+CONFIG_SPL_OS_BOOT enables falcon boot. CONFIG_SPL_LOAD_FIT enables the FIT
+image support (also need CONFIG_SPL_OF_LIBFDT, CONFIG_SPL_FIT and optionally
+CONFIG_SPL_GZIP).
+
+To enable falcon boot, a hook function spl_start_uboot() returns 0 to indicate
+booting U-Boot is not the first choice. The kernel FIT image needs to be put
+at CONFIG_SYS_MMCSD_RAW_MODE_KERNEL_SECTOR. SPL mmc driver reads the header to
+determine if this is a FIT image. If true, FIT image components are parsed and
+copied or decompressed (if applicable) to their desitinations. If FIT image is
+not found, normal U-Boot flow will follow.
+
+An important part of falcon boot is to prepare the device tree. A normal U-Boot
+does FDT fixups when booting Linux. For falcon boot, Linux boots directly from
+SPL, skipping the normal U-Boot. The device tree has to be prepared in advance.
+A command "spl export" should be called under the normal RAM version U-Boot.
+It is equivalent to go through "bootm" step-by-step until device tree fixup is
+done. The device tree in memory is the one needed for falcon boot. Falcon boot
+flow suggests to save this image to SD/eMMC at the location pointed by macro
+CONFIG_SYS_MMCSD_RAW_MODE_ARGS_SECTOR, with maximum size specified by macro
+CONFIG_SYS_MMCSD_RAW_MODE_ARGS_SECTORS. However, when FIT image is used for
+Linux, the device tree stored in FIT image overwrites the memory loaded by spl
+driver from these sectors. We could change this loading order to favor the
+stored sectors. But when secure boot is enabled, these sectors are used for
+signature header and needs to be loaded before the FIT image. So it is important
+to understand the device tree in FIT image should be the one actually used, or
+leave it abscent to favor the stored sectors. It is easier to deploy the FIT
+image with embedded static device tree to multiple boards.
+
+Macro CONFIG_SYS_SPL_ARGS_ADDR serves two purposes. One is the pointer to load
+the stored sectors to. Normally this is the static device tree. The second
+purpose is the memory location of signature header for secure boot. After the
+FIT image is loaded into memory, it is validated against the signature header
+before individual components are extracted (and optionally decompressed) into
+their final memory locations, respectivelly. After the validation, the header
+is no longer used. The static device tree is copied into this location. So
+this macro is passed as the location of device tree when booting Linux.
+
+Steps to prepare static device tree
+-----------------------------------
+To prepare the static device tree for Layerscape boards, it is important to
+understand the fixups in U-Boot. Memory size and location, as well as reserved
+memory blocks are added/updated. Ethernet MAC addressed are updated. FMan
+microcode (if used) is embedded in the device tree. Kernel command line and
+initrd information are embedded. Others including CPU status, boot method,
+Ethernet port status, etc. are also updated.
+
+Following normal booting process, all variables are set, all images are loaded
+before "bootm" command would be issued to boot, run command
+
+spl export fdt <address>
+
+where the address is the location of FIT image. U-Boot goes through the booting
+process as if "bootm start", "bootm loados", "bootm ramdisk"... commands but
+stops before "bootm go". There we have the fixed-up device tree in memory.
+We can check the device tree header by these commands
+
+fdt addr <fdt address>
+fdt header
+
+Where the fdt address is the device tree in memory. It is printed by U-Boot.
+It is useful to know the exact size. One way to extract this static device
+tree is to save it to eMMC/SD using command in U-Boot, and extract under Linux
+with these commands, repectivelly
+
+mmc write <address> <sector> <sectors>
+dd if=/dev/mmcblk0 of=<filename> bs=512 skip=<sector> count=<sectors>
+
+Note, U-Boot takes values as hexadecimals while Linux takes them as decimals by
+default. If using NAND or other storage, the commands are slightly different.
+When we have the static device tree image, we can re-make the FIT image with
+it. It is important to specify the load addresses in FIT image for every
+components. Otherwise U-Boot cannot load them correctly.
+
+Other things to consider
+-----------------------
+Falcon boot skips a lot of initialization in U-Boot. If Linux expects the
+hardware to be initialized by U-Boot, the related code should be ported to SPL
+build. For example, if Linux expect Ethernet PHY to be initialized in U-Boot
+(which is not a common case), the PHY initialization has to be included in
+falcon boot. This increases the SPL image size and should be handled carefully.
+If Linux has PHY driver enabled, it still depends on the correct MDIO bus setup
+in U-Boot. Normal U-Boot sets the MDC ratio to generate a proper clock signal.
diff --git a/arch/arm/cpu/armv8/fsl-layerscape/spl.c b/arch/arm/cpu/armv8/fsl-layerscape/spl.c
index 2776240..7db1077 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/spl.c
+++ b/arch/arm/cpu/armv8/fsl-layerscape/spl.c
@@ -116,4 +116,33 @@ void board_init_f(ulong dummy)
 	gd->arch.tlb_allocated = gd->arch.tlb_addr;
 #endif	/* CONFIG_SPL_FSL_LS_PPA */
 }
+
+#ifdef CONFIG_SPL_OS_BOOT
+/*
+ * Return
+ * 0 if booting into OS is selected
+ * 1 if booting into U-Boot is selected
+ */
+int spl_start_uboot(void)
+{
+	char s[8];
+
+	env_init();
+	getenv_f("boot_os", s, sizeof(s));
+	if ((s != NULL) && (*s == '1' || *s == 'y' || *s == 'Y' ||
+			    *s == 't' || *s == 'T'))
+		return 0;
+
+	return 1;
+}
+#endif	/* CONFIG_SPL_OS_BOOT */
+#ifdef CONFIG_SPL_LOAD_FIT
+int board_fit_config_name_match(const char *name)
+{
+	/* Just empty function now - can't decide what to choose */
+	debug("%s: %s\n", __func__, name);
+
+	return 0;
+}
+#endif
 #endif /* CONFIG_SPL_BUILD */
diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h
index 9c3261c..c37391a 100644
--- a/arch/arm/include/asm/system.h
+++ b/arch/arm/include/asm/system.h
@@ -200,7 +200,7 @@ void __asm_switch_ttbr(u64 new_ttbr);
  * @entry_point: kernel entry point
  * @es_flag:     execution state flag, ES_TO_AARCH64 or ES_TO_AARCH32
  */
-void armv8_switch_to_el2(u64 args, u64 mach_nr, u64 fdt_addr,
+void __noreturn armv8_switch_to_el2(u64 args, u64 mach_nr, u64 fdt_addr,
 			 u64 arg4, u64 entry_point, u64 es_flag);
 /*
  * Switch from EL2 to EL1 for ARMv8
diff --git a/arch/arm/lib/spl.c b/arch/arm/lib/spl.c
index 8ff2c50..a9e9cf2 100644
--- a/arch/arm/lib/spl.c
+++ b/arch/arm/lib/spl.c
@@ -7,6 +7,7 @@
  *
  * SPDX-License-Identifier:	GPL-2.0+
  */
+
 #include <common.h>
 #include <config.h>
 #include <spl.h>
@@ -46,6 +47,15 @@ void __weak board_init_f(ulong dummy)
  * image.
  */
 #ifdef CONFIG_SPL_OS_BOOT
+#ifdef CONFIG_ARM64
+void __noreturn jump_to_image_linux(struct spl_image_info *spl_image)
+{
+	debug("Entering kernel arg pointer: 0x%p\n", spl_image->arg);
+	cleanup_before_linux();
+	armv8_switch_to_el2((u64)spl_image->arg, 0, 0, 0,
+			    spl_image->entry_point, ES_TO_AARCH64);
+}
+#else
 void __noreturn jump_to_image_linux(struct spl_image_info *spl_image)
 {
 	unsigned long machid = 0xffffffff;
@@ -61,4 +71,5 @@ void __noreturn jump_to_image_linux(struct spl_image_info *spl_image)
 	cleanup_before_linux();
 	image_entry(0, machid, spl_image->arg);
 }
+#endif	/* CONFIG_ARM64 */
 #endif
-- 
2.7.4

[U-Boot] [PATCH v1 3/9] armv8: ls1043ardb_sdcard: Enable falcon boot

[York Sun]

Update defconfig to enable falcon boot, add needed macros to board
header file. Because environment variables are not avaiable during
SPL stage for SD boot, set "boot_os=y" as default.

Signed-off-by: York Sun <york.sun@nxp.com>
---

 configs/ls1043ardb_sdcard_defconfig | 6 ++++++
 include/configs/ls1043a_common.h    | 7 ++++---
 include/configs/ls1043ardb.h        | 6 ++++++
 3 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/configs/ls1043ardb_sdcard_defconfig b/configs/ls1043ardb_sdcard_defconfig
index ea674c8..e0d739a 100644
--- a/configs/ls1043ardb_sdcard_defconfig
+++ b/configs/ls1043ardb_sdcard_defconfig
@@ -21,6 +21,7 @@ CONFIG_SPL_ENV_SUPPORT=y
 CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y
 CONFIG_HUSH_PARSER=y
 CONFIG_CMD_GPT=y
+# CONFIG_CMD_IMLS is not set
 CONFIG_CMD_MMC=y
 CONFIG_CMD_SF=y
 CONFIG_CMD_I2C=y
@@ -51,3 +52,8 @@ CONFIG_DM_USB=y
 CONFIG_USB_XHCI_HCD=y
 CONFIG_USB_XHCI_DWC3=y
 CONFIG_USB_STORAGE=y
+CONFIG_SPL_OS_BOOT=y
+CONFIG_SPL_LOAD_FIT=y
+CONFIG_SPL_OF_LIBFDT=y
+CONFIG_SPL_FIT=y
+CONFIG_SPL_GZIP=y
diff --git a/include/configs/ls1043a_common.h b/include/configs/ls1043a_common.h
index e269248..3b2cf1f 100644
--- a/include/configs/ls1043a_common.h
+++ b/include/configs/ls1043a_common.h
@@ -74,10 +74,10 @@
 #define CONFIG_SPL_STACK		0x1001e000
 #define CONFIG_SPL_PAD_TO		0x1d000
 
-#define CONFIG_SYS_SPL_MALLOC_START	(CONFIG_SYS_TEXT_BASE + \
-					CONFIG_SYS_MONITOR_LEN)
+#define CONFIG_SYS_SPL_MALLOC_START	(CONFIG_SPL_BSS_START_ADDR + \
+					CONFIG_SPL_BSS_MAX_SIZE)
 #define CONFIG_SYS_SPL_MALLOC_SIZE	0x100000
-#define CONFIG_SPL_BSS_START_ADDR	0x80100000
+#define CONFIG_SPL_BSS_START_ADDR	0x8f000000
 #define CONFIG_SPL_BSS_MAX_SIZE		0x80000
 
 #ifdef CONFIG_SECURE_BOOT
@@ -270,6 +270,7 @@
 	"kernel_load=0xa0000000\0"		\
 	"kernel_size=0x2800000\0"		\
 	"console=ttyS0,115200\0"                \
+	"boot_os=y\0"				\
 	"mtdparts=" MTDPARTS_DEFAULT "\0"
 
 #define CONFIG_BOOTARGS			"console=ttyS0,115200 root=/dev/ram0 " \
diff --git a/include/configs/ls1043ardb.h b/include/configs/ls1043ardb.h
index 7bac8b6..7aab64a 100644
--- a/include/configs/ls1043ardb.h
+++ b/include/configs/ls1043ardb.h
@@ -48,6 +48,12 @@
 
 #ifdef CONFIG_SD_BOOT
 #define CONFIG_SYS_FSL_PBL_RCW board/freescale/ls1043ardb/ls1043ardb_rcw_sd.cfg
+#define CONFIG_CMD_SPL
+#define CONFIG_SYS_SPL_ARGS_ADDR	0x90000000
+#define CONFIG_SYS_MMCSD_RAW_MODE_KERNEL_SECTOR	0x10000
+#define CONFIG_SYS_MMCSD_RAW_MODE_ARGS_SECTOR	0x500
+#define CONFIG_SYS_MMCSD_RAW_MODE_ARGS_SECTORS	30
+#define CONFIG_SPL_BOARD_INIT
 #endif
 
 /*
-- 
2.7.4

[U-Boot] [PATCH v1 4/9] fsl: secure boot: Remove dependency of command line for fsl_validate.c

[York Sun]

From: Ruchika Gupta <ruchika.gupta@nxp.com>

Make secure boot validation available without using command.

Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: York Sun <york.sun@nxp.com>
---

 board/freescale/common/Makefile       | 5 ++++-
 board/freescale/common/fsl_validate.c | 6 ++++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/board/freescale/common/Makefile b/board/freescale/common/Makefile
index 1c53fb6..fb2025d 100644
--- a/board/freescale/common/Makefile
+++ b/board/freescale/common/Makefile
@@ -75,7 +75,10 @@ obj-$(CONFIG_TARGET_P5040DS)	+= p_corenet/
 obj-$(CONFIG_LAYERSCAPE_NS_ACCESS)	+= ns_access.o
 
 ifdef CONFIG_SECURE_BOOT
-obj-$(CONFIG_CMD_ESBC_VALIDATE) += fsl_validate.o cmd_esbc_validate.o
+ifndef CONFIG_SPL_BUILD
+obj-$(CONFIG_CMD_ESBC_VALIDATE) += cmd_esbc_validate.o
+endif
+obj-y += fsl_validate.o
 endif
 obj-$(CONFIG_CHAIN_OF_TRUST) += fsl_chain_of_trust.o
 
diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c
index ed48c5c..86baecc 100644
--- a/board/freescale/common/fsl_validate.c
+++ b/board/freescale/common/fsl_validate.c
@@ -351,7 +351,8 @@ static void fsl_secboot_header_verification_failure(void)
 	printf("Generating reset request\n");
 	do_reset(NULL, 0, 0, NULL);
 	/* If reset doesn't coocur, halt execution */
-	do_esbc_halt(NULL, 0, 0, NULL);
+	while (1)
+		;
 }
 
 /*
@@ -373,7 +374,8 @@ static void fsl_secboot_image_verification_failure(void)
 		printf("Generating reset request\n");
 		do_reset(NULL, 0, 0, NULL);
 		/* If reset doesn't coocur, halt execution */
-		do_esbc_halt(NULL, 0, 0, NULL);
+		while (1)
+			;
 
 	} else {
 		set_sec_mon_state(HPSR_SSM_ST_NON_SECURE);
-- 
2.7.4

[U-Boot] [PATCH v1 5/9] fsl: secure boot: Add fsl_rsa_modexp_raw function for scenarios without DM model

[York Sun]

From: Ruchika Gupta <ruchika.gupta@nxp.com>

Add fsl_rsa_modexp_raw() for secure boot during SPL stage where DM
driver is not loaded.

Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: York Sun <york.sun@nxp.com>
---

 board/freescale/common/fsl_validate.c | 13 +++++++++----
 drivers/crypto/fsl/fsl_rsa.c          | 28 ++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+), 4 deletions(-)

diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c
index 86baecc..96bd879 100644
--- a/board/freescale/common/fsl_validate.c
+++ b/board/freescale/common/fsl_validate.c
@@ -786,10 +786,6 @@ static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img)
 {
 	int ret;
 	uint32_t key_len;
-	struct key_prop prop;
-#if !defined(USE_HOSTCC)
-	struct udevice *mod_exp_dev;
-#endif
 	ret = calc_esbchdr_esbc_hash(img);
 	if (ret)
 		return ret;
@@ -797,6 +793,14 @@ static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img)
 	/* Construct encoded hash EM' wrt PKCSv1.5 */
 	construct_img_encoded_hash_second(img);
 
+#if defined(CONFIG_SPL_BUILD) && !defined(CONFIG_SPL_DM)
+	ret = fsl_mod_exp_raw(img->img_sign, img->hdr.sign_len,
+			  img->img_key, key_len, img->img_encoded_hash);
+#else
+	struct key_prop prop;
+#if !defined(USE_HOSTCC)
+	struct udevice *mod_exp_dev;
+#endif
 	/* Fill prop structure for public key */
 	memset(&prop, 0, sizeof(struct key_prop));
 	key_len = get_key_len(img) / 2;
@@ -813,6 +817,7 @@ static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img)
 
 	ret = rsa_mod_exp(mod_exp_dev, img->img_sign, img->hdr.sign_len,
 			  &prop, img->img_encoded_hash);
+#endif
 	if (ret)
 		return ret;
 
diff --git a/drivers/crypto/fsl/fsl_rsa.c b/drivers/crypto/fsl/fsl_rsa.c
index 5471504..32c059f 100644
--- a/drivers/crypto/fsl/fsl_rsa.c
+++ b/drivers/crypto/fsl/fsl_rsa.c
@@ -15,7 +15,34 @@
 #include "jr.h"
 #include "rsa_caam.h"
 #include <u-boot/rsa-mod-exp.h>
+#include <fsl_validate.h>
 
+#if defined(CONFIG_SPL_BUILD) && !defined(CONFIG_SPL_DM)
+int fsl_mod_exp_raw(const uint8_t *sig, uint32_t sig_len,
+		uint8_t *rsa_pub_key, int keylen, uint8_t *out)
+{
+	struct pk_in_params pkin;
+	uint32_t *desc = malloc(sizeof(int) * MAX_CAAM_DESCSIZE);
+	int ret;
+
+	pkin.a = sig;
+	pkin.a_siz = sig_len;
+	pkin.n = rsa_pub_key;
+	pkin.n_siz = keylen;
+	pkin.e = rsa_pub_key + keylen;
+	pkin.e_siz = keylen;
+
+	inline_cnstr_jobdesc_pkha_rsaexp(desc, &pkin, out, sig_len);
+
+	ret = run_descriptor_jr(desc);
+	if (ret) {
+		debug("%s: RSA failed to verify: %d\n", __func__, ret);
+		return -EFAULT;
+	}
+
+	return 0;
+}
+#else
 int fsl_mod_exp(struct udevice *dev, const uint8_t *sig, uint32_t sig_len,
 		struct key_prop *prop, uint8_t *out)
 {
@@ -59,3 +86,4 @@ U_BOOT_DRIVER(fsl_rsa_mod_exp) = {
 U_BOOT_DEVICE(fsl_rsa) = {
 	.name = "fsl_rsa_mod_exp",
 };
+#endif
-- 
2.7.4

[U-Boot] [PATCH v1 6/9] crypto: fsl: Allocate memory for descriptor from main memory

[York Sun]

When U-Boot runs at EL2 on ARMv8, OCRAM is in secure world on some
SoCs by default. Allocation of memory from OCRAM causes failure in
this case. Since main memory is available, allocating memory
from heap is successful.

Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Signed-off-by: York Sun <york.sun@nxp.com>
---

 drivers/crypto/fsl/fsl_rsa.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/drivers/crypto/fsl/fsl_rsa.c b/drivers/crypto/fsl/fsl_rsa.c
index 32c059f..5192267 100644
--- a/drivers/crypto/fsl/fsl_rsa.c
+++ b/drivers/crypto/fsl/fsl_rsa.c
@@ -48,8 +48,14 @@ int fsl_mod_exp(struct udevice *dev, const uint8_t *sig, uint32_t sig_len,
 {
 	uint32_t keylen;
 	struct pk_in_params pkin;
-	uint32_t desc[MAX_CAAM_DESCSIZE];
-	int ret;
+	uint32_t *desc;
+	int ret = 0;
+
+	desc = malloc(MAX_CAAM_DESCSIZE);
+	if (!desc) {
+		printf("RSA DESC: malloc failed for RSA descriptor\n");
+		return -ENOMEM;
+	}
 
 	/* Length in bytes */
 	keylen = prop->num_bits / 8;
@@ -66,10 +72,11 @@ int fsl_mod_exp(struct udevice *dev, const uint8_t *sig, uint32_t sig_len,
 	ret = run_descriptor_jr(desc);
 	if (ret) {
 		debug("%s: RSA failed to verify: %d\n", __func__, ret);
-		return -EFAULT;
+		ret = -EFAULT;
 	}
+	free(desc);
 
-	return 0;
+	return ret;
 }
 
 static const struct mod_exp_ops fsl_mod_exp_ops = {
-- 
2.7.4

[U-Boot] [PATCH v1 7/9] armv8: fsl-layerscape: Enable secure boot valiation for SPL boot

[York Sun]

Enable validation of PPA image for SPL boot.

Signed-off-by: York Sun <york.sun@nxp.com>
---

 arch/arm/cpu/armv8/fsl-layerscape/spl.c | 4 ++++
 arch/arm/include/asm/fsl_secure_boot.h  | 5 +++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/arch/arm/cpu/armv8/fsl-layerscape/spl.c b/arch/arm/cpu/armv8/fsl-layerscape/spl.c
index 7db1077..3c366c2 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/spl.c
+++ b/arch/arm/cpu/armv8/fsl-layerscape/spl.c
@@ -10,6 +10,7 @@
 #include <fsl_ifc.h>
 #include <i2c.h>
 #include <fsl_csu.h>
+#include <fsl_validate.h>
 #include <asm/arch/fdt.h>
 #include <asm/arch/ppa.h>
 
@@ -63,6 +64,9 @@ void spl_board_init(void)
 #ifdef CONFIG_LAYERSCAPE_NS_ACCESS
 	enable_layerscape_ns_access();
 #endif
+#ifdef CONFIG_SECURE_BOOT
+	sec_init();
+#endif
 #ifdef CONFIG_SPL_FSL_LS_PPA
 	ppa_init();
 #endif
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index b0ca4bc..85b59b8 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -130,6 +130,9 @@
 /* BOOTSCRIPT_ADDR is not required */
 #endif
 
+#include <config_fsl_chain_trust.h>
+#endif /* #ifndef CONFIG_SPL_BUILD */
+
 #ifdef CONFIG_FSL_LS_PPA
 /* Define the key hash here if SRK used for signing PPA image is
  * different from SRK hash put in SFP used for U-Boot.
@@ -140,7 +143,5 @@
 #define PPA_KEY_HASH		NULL
 #endif /* ifdef CONFIG_FSL_LS_PPA */
 
-#include <config_fsl_chain_trust.h>
-#endif /* #ifndef CONFIG_SPL_BUILD */
 #endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
 #endif
-- 
2.7.4

[U-Boot] [PATCH v1 8/9] armv8: layerscape: falcon: Implement FIT image validation

[York Sun]

Validate OS FIT image for falcon boot. This requires the ESBC header
to be loaded at CONFIG_SYS_SPL_ARGS_ADDR.

Signed-off-by: York Sun <york.sun@nxp.com>
---

 arch/arm/cpu/armv8/fsl-layerscape/spl.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/arch/arm/cpu/armv8/fsl-layerscape/spl.c b/arch/arm/cpu/armv8/fsl-layerscape/spl.c
index 3c366c2..d0dcf47 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/spl.c
+++ b/arch/arm/cpu/armv8/fsl-layerscape/spl.c
@@ -149,4 +149,29 @@ int board_fit_config_name_match(const char *name)
 	return 0;
 }
 #endif
+
+#ifdef CONFIG_SPL_FIT_IMAGE_SECURE_VALIDATE
+#ifndef CONFIG_SYS_SPL_ARGS_ADDR
+#error Need to load OS FIT header to CONFIG_SYS_SPL_ARGS_ADDR
+#endif
+void board_fit_image_secure_validate(void *fit)
+{
+	uintptr_t hdraddr = CONFIG_SYS_SPL_ARGS_ADDR;
+	uintptr_t img_addr = (uintptr_t)fit;
+	int ret;
+
+	if (fsl_check_boot_mode_secure() != 0) {
+		ret = fsl_secboot_validate(hdraddr,
+					   NULL,
+					   &img_addr);
+		if (ret != 0) {
+			printf("OS FIT validation failed\n");
+			while (1)
+				;
+		} else {
+			printf("OS FIT validation Successful\n");
+		}
+	}
+}
+#endif
 #endif /* CONFIG_SPL_BUILD */
-- 
2.7.4

[U-Boot] [PATCH v1 9/9] armv8: ls1043ardb: Enable loading PPA and falcon boot for SD secure boot

[York Sun]

Enable falcon boot for SD secure boot. Align non-secure boot image
to sector 0x110 to unify flash layout. Align ARGS sectors with normal
secure boot layout as well. With these changes, both falcon boot and
normal secure boot use the same sectors for FIT image header.

Signed-off-by: York Sun <york.sun@nxp.com>

---

 configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig | 10 +++++++++-
 configs/ls1043ardb_sdcard_defconfig             |  2 +-
 include/configs/ls1043a_common.h                |  2 +-
 include/configs/ls1043ardb.h                    |  4 ++--
 4 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
index 4e959bf..d9d76d0 100644
--- a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
+++ b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
@@ -4,6 +4,7 @@ CONFIG_SPL_LIBCOMMON_SUPPORT=y
 CONFIG_SPL_LIBGENERIC_SUPPORT=y
 CONFIG_SECURE_BOOT=y
 CONFIG_FSL_LS_PPA=y
+CONFIG_SPL_FSL_LS_PPA=y
 CONFIG_SPL_MMC_SUPPORT=y
 CONFIG_SPL_SERIAL_SUPPORT=y
 CONFIG_SPL_DRIVERS_MISC_SUPPORT=y
@@ -11,7 +12,7 @@ CONFIG_SPL_WATCHDOG_SUPPORT=y
 CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1043a-rdb"
 CONFIG_FIT_VERBOSE=y
 CONFIG_OF_BOARD_SETUP=y
-CONFIG_SYS_EXTRA_OPTIONS="RAMBOOT_PBL,SPL_FSL_PBL,SD_BOOT"
+CONFIG_SYS_EXTRA_OPTIONS="RAMBOOT_PBL,SPL_FSL_PBL"
 CONFIG_SD_BOOT=y
 CONFIG_BOOTDELAY=10
 CONFIG_SPL=y
@@ -21,6 +22,12 @@ CONFIG_SPL_CRYPTO_SUPPORT=y
 CONFIG_SPL_HASH_SUPPORT=y
 CONFIG_SPL_ENV_SUPPORT=y
 CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y
+CONFIG_SPL_FIT=y
+CONFIG_SPL_FIT_IMAGE_SECURE_VALIDATE=y
+CONFIG_SPL_GZIP=y
+CONFIG_SPL_LOAD_FIT=y
+CONFIG_SPL_OF_LIBFDT=y
+CONFIG_SPL_OS_BOOT=y
 CONFIG_HUSH_PARSER=y
 CONFIG_CMD_GPT=y
 CONFIG_CMD_MMC=y
@@ -37,6 +44,7 @@ CONFIG_CMD_FAT=y
 # CONFIG_SPL_EFI_PARTITION is not set
 CONFIG_OF_CONTROL=y
 CONFIG_DM=y
+CONFIG_FSL_CAAM=y
 CONFIG_SPL_DM=y
 CONFIG_MTD_NOR_FLASH=y
 CONFIG_SPI_FLASH=y
diff --git a/configs/ls1043ardb_sdcard_defconfig b/configs/ls1043ardb_sdcard_defconfig
index e0d739a..a55bbff 100644
--- a/configs/ls1043ardb_sdcard_defconfig
+++ b/configs/ls1043ardb_sdcard_defconfig
@@ -16,7 +16,7 @@ CONFIG_SD_BOOT=y
 CONFIG_BOOTDELAY=10
 CONFIG_SPL=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
-CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0xf0
+CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x110
 CONFIG_SPL_ENV_SUPPORT=y
 CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y
 CONFIG_HUSH_PARSER=y
diff --git a/include/configs/ls1043a_common.h b/include/configs/ls1043a_common.h
index 3b2cf1f..b16634d 100644
--- a/include/configs/ls1043a_common.h
+++ b/include/configs/ls1043a_common.h
@@ -72,7 +72,7 @@
 #define CONFIG_SPL_TEXT_BASE		0x10000000
 #define CONFIG_SPL_MAX_SIZE		0x17000
 #define CONFIG_SPL_STACK		0x1001e000
-#define CONFIG_SPL_PAD_TO		0x1d000
+#define CONFIG_SPL_PAD_TO		0x21000
 
 #define CONFIG_SYS_SPL_MALLOC_START	(CONFIG_SPL_BSS_START_ADDR + \
 					CONFIG_SPL_BSS_MAX_SIZE)
diff --git a/include/configs/ls1043ardb.h b/include/configs/ls1043ardb.h
index 7aab64a..d1d33ab 100644
--- a/include/configs/ls1043ardb.h
+++ b/include/configs/ls1043ardb.h
@@ -51,8 +51,8 @@
 #define CONFIG_CMD_SPL
 #define CONFIG_SYS_SPL_ARGS_ADDR	0x90000000
 #define CONFIG_SYS_MMCSD_RAW_MODE_KERNEL_SECTOR	0x10000
-#define CONFIG_SYS_MMCSD_RAW_MODE_ARGS_SECTOR	0x500
-#define CONFIG_SYS_MMCSD_RAW_MODE_ARGS_SECTORS	30
+#define CONFIG_SYS_MMCSD_RAW_MODE_ARGS_SECTOR	0x1f480
+#define CONFIG_SYS_MMCSD_RAW_MODE_ARGS_SECTORS	3
 #define CONFIG_SPL_BOARD_INIT
 #endif
 
-- 
2.7.4

[U-Boot] [PATCH v1 7/9] armv8: fsl-layerscape: Enable secure boot valiation for SPL boot

[Tom Rini]

On Mon, May 15, 2017 at 09:16:07AM -0700, York Sun wrote:

> Enable validation of PPA image for SPL boot.
> 
> Signed-off-by: York Sun <york.sun@nxp.com>
[snip]
> +#include <config_fsl_chain_trust.h>

Looking at the contents of this file here, can you please do a follow-up
to move pretty much most of this content to
include/environment/fsl/chain_of_trust.h (or whatever name you thinks
makes most sense) ?  Thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20170515/175a3183/attachment.sig>

[U-Boot] [PATCH v1 7/9] armv8: fsl-layerscape: Enable secure boot valiation for SPL boot

[york sun]

On 05/15/2017 05:35 PM, Tom Rini wrote:
> On Mon, May 15, 2017 at 09:16:07AM -0700, York Sun wrote:
>
>> Enable validation of PPA image for SPL boot.
>>
>> Signed-off-by: York Sun <york.sun@nxp.com>
> [snip]
>> +#include <config_fsl_chain_trust.h>
>
> Looking at the contents of this file here, can you please do a follow-up
> to move pretty much most of this content to
> include/environment/fsl/chain_of_trust.h (or whatever name you thinks
> makes most sense) ?  Thanks!
>

Either Ruchika or myself will take this action.

York

[U-Boot] [PATCH v1 4/9] fsl: secure boot: Remove dependency of command line for fsl_validate.c

[York Sun]

On 05/15/2017 09:16 AM, york sun wrote:
> From: Ruchika Gupta <ruchika.gupta@nxp.com>
> 
> Make secure boot validation available without using command.
> 
> Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
> Signed-off-by: York Sun <york.sun@nxp.com>
> ---

Due to SPL image size increase, secure boot feature cannot be enabled
together with falcon boot. Defer the rest patches in this set.

York