[PATCH u-boot v2019.04-aspeed-openbmc v2 00/10] Use HACE to accelerate sha512

[PATCH u-boot v2019.04-aspeed-openbmc v2 00/10] Use HACE to accelerate sha512

[Joel Stanley]

This series adds support to u-boot to using the HACE hardware in the
AST2600 to perform SHA hashing during boot, and enable the SPL features
to load u-boot as a signed FIT.

This is only applicable for MMC booting, as the HACE cannot be used to
hash directly from the memory mapped SPI NOR.

These have been tested with Cédric's aspeed-6.0 Qemu tree. You can
reproduce using the script in this repository:

 https://github.com/shenki/qemu-boot-test

Joel Stanley (10):
  configs/ast2600: Make early malloc pool larger
  crypto: Add driver for Aspeed HACE
  ast2600: Enable HACE probing in SPL
  ast2600: Add HACE to device tree
  ast2600: spl: Remove SECBOOT BL2 kconfig option
  ast2600: spl: Add ASPEED_LOADERS option
  ast2600: spl: Support common boot loader features
  config: ast2600: Configure common MMC SPL loader
  configs: ast2600: Enable FIT SHA512 support
  config: ast2600: Disable SPL raw image support

 arch/arm/dts/ast2600-rainier.dts           |   5 +
 arch/arm/dts/ast2600-tacoma.dts            |   5 +
 arch/arm/dts/ast2600.dtsi                  |   9 +
 arch/arm/dts/ast2600a1-evb.dts             |   4 +
 arch/arm/mach-aspeed/Kconfig               |  15 ++
 arch/arm/mach-aspeed/ast2600/Kconfig       |  12 -
 arch/arm/mach-aspeed/ast2600/Makefile      |   6 +-
 arch/arm/mach-aspeed/ast2600/spl.c         |  30 +++
 arch/arm/mach-aspeed/ast2600/spl_boot.c    |  17 +-
 configs/ast2600_openbmc_spl_emmc_defconfig |  24 +-
 drivers/crypto/Kconfig                     |  19 ++
 drivers/crypto/Makefile                    |   1 +
 drivers/crypto/aspeed_hace.c               | 266 +++++++++++++++++++++
 13 files changed, 375 insertions(+), 38 deletions(-)
 create mode 100644 drivers/crypto/aspeed_hace.c

-- 
2.30.2

[PATCH u-boot v2019.04-aspeed-openbmc v2 01/10] configs/ast2600: Make early malloc pool larger

[Joel Stanley]

The size of the early (pre-DRAM) SRAM heap in u-boot proper is extended
to 8KB.

Testing found that the DRAM driver would perform an allocation that
exceeded the limits, due to the probing of the HACE driver increasing
memory presssure. As SRAM is unused when u-boot proper is running, it
can all be allocated.

(In theory the entire 88KB of SRAM is free, but testing showed more than
60KB would break booting. Finding out why is TODO).

The SPL early heap is fixed to 0x800, the default before this change.
Testing shows that:

  SPL malloc() before relocation used 0x794 bytes (1 KB)

So 2KB should be enough.

Signed-off-by: Joel Stanley <joel@jms.id.au>
---
 configs/ast2600_openbmc_spl_emmc_defconfig | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/configs/ast2600_openbmc_spl_emmc_defconfig b/configs/ast2600_openbmc_spl_emmc_defconfig
index 6daf6343478b..5a4d66da1cea 100644
--- a/configs/ast2600_openbmc_spl_emmc_defconfig
+++ b/configs/ast2600_openbmc_spl_emmc_defconfig
@@ -24,12 +24,13 @@ CONFIG_ASPEED_KERNEL_FIT_DRAM_BASE=0x83000000
 CONFIG_TARGET_EVB_AST2600A1=y
 CONFIG_SPL_LIBCOMMON_SUPPORT=y
 CONFIG_SPL_LIBGENERIC_SUPPORT=y
-CONFIG_SYS_MALLOC_F_LEN=0x800
+CONFIG_SYS_MALLOC_F_LEN=0x2000
 CONFIG_SPL_MMC_SUPPORT=y
 CONFIG_SPL_SERIAL_SUPPORT=y
 CONFIG_SPL_DRIVERS_MISC_SUPPORT=y
 CONFIG_ENV_SIZE=0x10000
 CONFIG_ENV_OFFSET=0x5000
+CONFIG_SPL_SYS_MALLOC_F_LEN=0x800
 CONFIG_SPL=y
 CONFIG_SPL_STACK_R_ADDR=0x90300000
 CONFIG_ARMV7_BOOT_SEC_DEFAULT=y
-- 
2.30.2

[PATCH u-boot v2019.04-aspeed-openbmc v2 02/10] crypto: Add driver for Aspeed HACE

[Joel Stanley]

The HACE supports MD5, SHA1 and SHA2 family hash functions. This driver
uses it in a polling mode to perform hash calculations over buffers
placed in DRAM.

Co-developed-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Signed-off-by: Joel Stanley <joel@jms.id.au>
---
 configs/ast2600_openbmc_spl_emmc_defconfig |   1 +
 drivers/crypto/Kconfig                     |  19 ++
 drivers/crypto/Makefile                    |   1 +
 drivers/crypto/aspeed_hace.c               | 266 +++++++++++++++++++++
 4 files changed, 287 insertions(+)
 create mode 100644 drivers/crypto/aspeed_hace.c

diff --git a/configs/ast2600_openbmc_spl_emmc_defconfig b/configs/ast2600_openbmc_spl_emmc_defconfig
index 5a4d66da1cea..f58a677f1914 100644
--- a/configs/ast2600_openbmc_spl_emmc_defconfig
+++ b/configs/ast2600_openbmc_spl_emmc_defconfig
@@ -97,6 +97,7 @@ CONFIG_SYSCON=y
 CONFIG_SPL_OF_TRANSLATE=y
 CONFIG_CLK=y
 CONFIG_SPL_CLK=y
+CONFIG_ASPEED_HACE=y
 CONFIG_DM_GPIO=y
 CONFIG_ASPEED_GPIO=y
 CONFIG_DM_I2C=y
diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig
index 1ea116be7503..e92037d88906 100644
--- a/drivers/crypto/Kconfig
+++ b/drivers/crypto/Kconfig
@@ -2,4 +2,23 @@ menu "Hardware crypto devices"
 
 source drivers/crypto/fsl/Kconfig
 
+config ASPEED_HACE
+	bool "ASPEED Hash and Crypto Engine"
+	depends on ASPEED_AST2600
+	imply SHA_HW_ACCEL
+	imply SHA_PROG_HW_ACCEL
+	imply SHA512
+	imply SHA512_ALGO
+	imply CMD_HASH
+	help
+	 Select this option to enable a driver for using the SHA engine in
+	 the ASPEED BMC SoCs.
+
+	 Enabling this allows the use of SHA operations in hardware without requiring the
+	 SHA software implementations, saving code size.
+
+	 Due to hardware limitations it cannot be used with a FIT placed in SPI
+	 FLASH. Data can only be hashed if it is in SDRAM, making this relevant
+	 for MMC and network boot only.
+
 endmenu
diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile
index efbd1d3fca05..ac93b1295954 100644
--- a/drivers/crypto/Makefile
+++ b/drivers/crypto/Makefile
@@ -4,5 +4,6 @@
 # 	http://www.samsung.com
 
 obj-$(CONFIG_EXYNOS_ACE_SHA)	+= ace_sha.o
+obj-$(CONFIG_ASPEED_HACE)	+= aspeed_hace.o
 obj-y += rsa_mod_exp/
 obj-y += fsl/
diff --git a/drivers/crypto/aspeed_hace.c b/drivers/crypto/aspeed_hace.c
new file mode 100644
index 000000000000..a99fb7c249be
--- /dev/null
+++ b/drivers/crypto/aspeed_hace.c
@@ -0,0 +1,266 @@
+/*
+ * (C) Copyright ASPEED Technology Inc.
+ * Copyright 2021 IBM Corp.
+ *
+ * SPDX-License-Identifier:	GPL-2.0-or-later
+ */
+
+#include <common.h>
+#include <clk.h>
+
+#include <log.h>
+#include <asm/io.h>
+#include <malloc.h>
+#include <hash.h>
+
+#include <dm/device.h>
+#include <dm/fdtaddr.h>
+
+#include <linux/bitops.h>
+#include <linux/delay.h>
+#include <linux/kernel.h>
+#include <linux/iopoll.h>
+
+#define ASPEED_HACE_STS			0x1C
+#define  HACE_RSA_ISR			BIT(13)
+#define  HACE_CRYPTO_ISR		BIT(12)
+#define  HACE_HASH_ISR			BIT(9)
+#define  HACE_RSA_BUSY			BIT(2)
+#define  HACE_CRYPTO_BUSY		BIT(1)
+#define  HACE_HASH_BUSY			BIT(0)
+#define ASPEED_HACE_HASH_SRC		0x20
+#define ASPEED_HACE_HASH_DIGEST_BUFF	0x24
+#define ASPEED_HACE_HASH_KEY_BUFF	0x28
+#define ASPEED_HACE_HASH_DATA_LEN	0x2C
+#define  HACE_SG_LAST			BIT(31)
+#define ASPEED_HACE_HASH_CMD		0x30
+#define  HACE_SHA_BE_EN			BIT(3)
+#define  HACE_MD5_LE_EN			BIT(2)
+#define  HACE_ALGO_MD5			0
+#define  HACE_ALGO_SHA1			BIT(5)
+#define  HACE_ALGO_SHA224		BIT(6)
+#define  HACE_ALGO_SHA256		(BIT(4) | BIT(6))
+#define  HACE_ALGO_SHA512		(BIT(5) | BIT(6))
+#define  HACE_ALGO_SHA384		(BIT(5) | BIT(6) | BIT(10))
+#define  HACE_SG_EN			BIT(18)
+
+#define ASPEED_MAX_SG			32
+
+struct aspeed_sg {
+	u32 len;
+	u32 addr;
+};
+
+struct aspeed_hash_ctx {
+	u32 method;
+	u32 digest_size;
+	u32 len;
+	u32 count;
+	struct aspeed_sg list[ASPEED_MAX_SG]; /* Must be 8 byte aligned */
+};
+
+struct aspeed_hace {
+	struct clk clk;
+};
+
+static phys_addr_t base;
+
+static int aspeed_hace_wait_completion(u32 reg, u32 flag, int timeout_us)
+{
+	u32 val;
+
+	return readl_poll_timeout(reg, val, (val & flag) == flag, timeout_us);
+}
+
+static int digest_object(const void *src, unsigned int length, void *digest,
+		  u32 method)
+{
+	if (!((u32)src & BIT(31))) {
+		debug("HACE src out of bounds: can only copy from SDRAM\n");
+		return -EINVAL;
+	}
+
+	if ((u32)digest & 0x7) {
+		debug("HACE dest alignment incorrect: %p\n", digest);
+		return -EINVAL;
+	}
+
+
+	if (readl(base + ASPEED_HACE_STS) & HACE_HASH_BUSY) {
+		debug("HACE error: engine busy\n");
+		return -EBUSY;
+	}
+
+	/* Clear pending completion status */
+	writel(HACE_HASH_ISR, base + ASPEED_HACE_STS);
+
+	writel((u32)src, base + ASPEED_HACE_HASH_SRC);
+	writel((u32)digest, base + ASPEED_HACE_HASH_DIGEST_BUFF);
+	writel(length, base + ASPEED_HACE_HASH_DATA_LEN);
+	writel(HACE_SHA_BE_EN | method, base + ASPEED_HACE_HASH_CMD);
+
+	/* SHA512 hashing appears to have a througput of about 12MB/s */
+	return aspeed_hace_wait_completion(base + ASPEED_HACE_STS,
+			HACE_HASH_ISR,
+			1000 + (length >> 3));
+}
+
+void hw_sha1(const unsigned char *pbuf, unsigned int buf_len,
+	       unsigned char *pout, unsigned int chunk_size)
+{
+	int rc;
+
+	rc = digest_object(pbuf, buf_len, pout, HACE_ALGO_SHA1);
+	if (rc)
+		debug("HACE failure: %d\n", rc);
+}
+
+void hw_sha256(const unsigned char *pbuf, unsigned int buf_len,
+	       unsigned char *pout, unsigned int chunk_size)
+{
+	int rc;
+
+	rc = digest_object(pbuf, buf_len, pout, HACE_ALGO_SHA256);
+	if (rc)
+		debug("HACE failure: %d\n", rc);
+}
+
+void hw_sha512(const unsigned char *pbuf, unsigned int buf_len,
+	       unsigned char *pout, unsigned int chunk_size)
+{
+	int rc;
+
+	rc = digest_object(pbuf, buf_len, pout, HACE_ALGO_SHA512);
+	if (rc)
+		debug("HACE failure: %d\n", rc);
+}
+
+#if IS_ENABLED(CONFIG_SHA_PROG_HW_ACCEL)
+int hw_sha_init(struct hash_algo *algo, void **ctxp)
+{
+	struct aspeed_hash_ctx *ctx;
+	u32 method;
+
+	if (!strcmp(algo->name, "sha1")) {
+		method = HACE_ALGO_SHA1;
+	}
+	else if (!strcmp(algo->name, "sha256")) {
+		method = HACE_ALGO_SHA256;
+	}
+	else if (!strcmp(algo->name, "sha512")) {
+		method = HACE_ALGO_SHA512;
+	}
+	else  {
+		return -ENOTSUPP;
+	}
+
+	ctx = memalign(8, sizeof(*ctx));
+	memset(ctx, '\0', sizeof(*ctx));
+
+	if (ctx == NULL) {
+		debug("HACE error: Cannot allocate memory for context\n");
+		return -ENOMEM;
+	}
+
+	if (((uintptr_t)ctx->list & 0x3) != 0) {
+		printf("HACE error: Invalid alignment for input data\n");
+		return -EINVAL;
+	}
+
+	ctx->method = method | HACE_SG_EN;
+	ctx->digest_size = algo->digest_size;
+	*ctxp = ctx;
+
+	return 0;
+}
+
+int hw_sha_update(struct hash_algo *algo, void *hash_ctx, const void *buf,
+		  unsigned int size, int is_last)
+{
+	struct aspeed_hash_ctx *ctx = hash_ctx;
+	struct aspeed_sg *sg = &ctx->list[ctx->count];
+
+	if (ctx->count >= ARRAY_SIZE(ctx->list)) {
+		debug("HACE error: Reached maximum number of hash segments\n");
+		free(ctx);
+		return -EINVAL;
+	}
+
+	sg->addr = (u32)buf;
+	sg->len = size;
+	if (is_last)
+		sg->len |= HACE_SG_LAST;
+
+	ctx->count++;
+	ctx->len += size;
+
+	return 0;
+}
+
+int hw_sha_finish(struct hash_algo *algo, void *hash_ctx, void *dest_buf, int size)
+{
+	struct aspeed_hash_ctx *ctx = hash_ctx;
+	int rc;
+
+	if (size < ctx->digest_size) {
+		debug("HACE error: insufficient size on destination buffer\n");
+		free(ctx);
+		return -EINVAL;
+	}
+
+	rc = digest_object(ctx->list, ctx->len, dest_buf, ctx->method);
+	if (rc)
+		debug("HACE Scatter-Gather failure\n");
+
+	free(ctx);
+
+	return rc;
+}
+#endif
+
+static int aspeed_hace_probe(struct udevice *dev)
+{
+	struct aspeed_hace *hace = dev_get_priv(dev);
+	int ret;
+
+	ret = clk_get_by_index(dev, 0, &hace->clk);
+	if (ret < 0) {
+		debug("Can't get clock for %s: %d\n", dev->name, ret);
+		return ret;
+	}
+
+	ret = clk_enable(&hace->clk);
+	if (ret) {
+		debug("Failed to enable fsi clock (%d)\n", ret);
+		return ret;
+	}
+
+	/* As the crypto code does not pass us any driver state */
+	base = devfdt_get_addr(dev);
+
+	return ret;
+}
+
+static int aspeed_hace_remove(struct udevice *dev)
+{
+	struct aspeed_hace *hace = dev_get_priv(dev);
+
+	clk_disable(&hace->clk);
+
+	return 0;
+}
+
+static const struct udevice_id aspeed_hace_ids[] = {
+	{ .compatible = "aspeed,ast2600-hace" },
+	{ }
+};
+
+U_BOOT_DRIVER(aspeed_hace) = {
+	.name		= "aspeed_hace",
+	.id		= UCLASS_MISC,
+	.of_match	= aspeed_hace_ids,
+	.probe		= aspeed_hace_probe,
+	.remove 	= aspeed_hace_remove,
+	.priv_auto_alloc_size = sizeof(struct aspeed_hace),
+	.flags  = DM_FLAG_PRE_RELOC,
+};
-- 
2.30.2

[PATCH u-boot v2019.04-aspeed-openbmc v2 03/10] ast2600: Enable HACE probing in SPL

[Joel Stanley]

Look up the driver by name so we don't cause a link failure when
building without the HACE driver built in.

Signed-off-by: Joel Stanley <joel@jms.id.au>
---
 arch/arm/mach-aspeed/ast2600/spl.c         | 13 +++++++++++++
 configs/ast2600_openbmc_spl_emmc_defconfig |  2 +-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/arch/arm/mach-aspeed/ast2600/spl.c b/arch/arm/mach-aspeed/ast2600/spl.c
index 54f89b0e8431..e1eef121d5c6 100644
--- a/arch/arm/mach-aspeed/ast2600/spl.c
+++ b/arch/arm/mach-aspeed/ast2600/spl.c
@@ -32,6 +32,19 @@ void board_init_f(ulong dummy)
 #endif
 }
 
+#ifdef CONFIG_SPL_BOARD_INIT
+void spl_board_init(void)
+{
+	struct udevice *dev;
+
+	if (uclass_get_device_by_driver(UCLASS_MISC,
+				DM_GET_DRIVER(aspeed_hace),
+				&dev)) {
+		debug("Warning: HACE initialization failure\n");
+	}
+}
+#endif
+
 u32 spl_boot_device(void)
 {
 	switch (aspeed_bootmode()) {
diff --git a/configs/ast2600_openbmc_spl_emmc_defconfig b/configs/ast2600_openbmc_spl_emmc_defconfig
index f58a677f1914..ed0233379fe9 100644
--- a/configs/ast2600_openbmc_spl_emmc_defconfig
+++ b/configs/ast2600_openbmc_spl_emmc_defconfig
@@ -48,7 +48,7 @@ CONFIG_SYS_CONSOLE_ENV_OVERWRITE=y
 CONFIG_DISPLAY_BOARDINFO_LATE=y
 CONFIG_ARCH_EARLY_INIT_R=y
 CONFIG_BOARD_EARLY_INIT_F=y
-# CONFIG_SPL_RAW_IMAGE_SUPPORT is not set
+CONFIG_SPL_BOARD_INIT=y
 # CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set
 CONFIG_SPL_SYS_MALLOC_SIMPLE=y
 CONFIG_SPL_STACK_R=y
-- 
2.30.2

[PATCH u-boot v2019.04-aspeed-openbmc v2 04/10] ast2600: Add HACE to device tree

[Joel Stanley]

HACE is the Hash and Crypto Egine in the AST2600.

Reviewed-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Signed-off-by: Joel Stanley <joel@jms.id.au>
---
 arch/arm/dts/ast2600-rainier.dts | 5 +++++
 arch/arm/dts/ast2600-tacoma.dts  | 5 +++++
 arch/arm/dts/ast2600.dtsi        | 9 +++++++++
 arch/arm/dts/ast2600a1-evb.dts   | 4 ++++
 4 files changed, 23 insertions(+)

diff --git a/arch/arm/dts/ast2600-rainier.dts b/arch/arm/dts/ast2600-rainier.dts
index 67e177baf1bd..aae507b4c23d 100755
--- a/arch/arm/dts/ast2600-rainier.dts
+++ b/arch/arm/dts/ast2600-rainier.dts
@@ -103,3 +103,8 @@
 	pinctrl-0 = <&pinctrl_emmc_default>;
 	sdhci-drive-type = <1>;
 };
+
+&hace {
+	u-boot,dm-pre-reloc;
+	status = "okay";
+};
diff --git a/arch/arm/dts/ast2600-tacoma.dts b/arch/arm/dts/ast2600-tacoma.dts
index 85d1e3902b11..c8ed5e35a74c 100755
--- a/arch/arm/dts/ast2600-tacoma.dts
+++ b/arch/arm/dts/ast2600-tacoma.dts
@@ -94,3 +94,8 @@
 	pinctrl-0 = <&pinctrl_emmc_default>;
 	sdhci-drive-type = <1>;
 };
+
+&hace {
+	u-boot,dm-pre-reloc;
+	status = "okay";
+};
diff --git a/arch/arm/dts/ast2600.dtsi b/arch/arm/dts/ast2600.dtsi
index e619f7118886..57ea98a47b67 100644
--- a/arch/arm/dts/ast2600.dtsi
+++ b/arch/arm/dts/ast2600.dtsi
@@ -304,6 +304,15 @@
 
 			};
 
+			hace: hace@1e6d0000 {
+				compatible = "aspeed,ast2600-hace";
+				reg = <0x1e6d0000 0x200>;
+				interrupts = <GIC_SPI 4 IRQ_TYPE_LEVEL_HIGH>;
+				clocks = <&scu ASPEED_CLK_GATE_YCLK>;
+				clock-names = "yclk";
+				status = "disabled";
+			};
+
 			smp-memram@0 {
 				compatible = "aspeed,ast2600-smpmem", "syscon";
 				reg = <0x1e6e2180 0x40>;
diff --git a/arch/arm/dts/ast2600a1-evb.dts b/arch/arm/dts/ast2600a1-evb.dts
index 2827e00c0eb4..2ae6e3bdf192 100644
--- a/arch/arm/dts/ast2600a1-evb.dts
+++ b/arch/arm/dts/ast2600a1-evb.dts
@@ -301,3 +301,7 @@
 &display_port {
 	status = "okay";
 };
+
+&hace {
+	status = "okay";
+};
-- 
2.30.2

[PATCH u-boot v2019.04-aspeed-openbmc v2 05/10] ast2600: spl: Remove SECBOOT BL2 kconfig option

[Joel Stanley]

THis option was added in "ast2600: Allow selection of SPL boot devices"
to allow disabling the secboot BL2 loaders. Instead of adding the new
symbol the patch could have used the existing ASPEED_SECURE_BOOT option.

Change to use the existing option.

Signed-off-by: Joel Stanley <joel@jms.id.au>
---
 arch/arm/mach-aspeed/ast2600/Kconfig    | 12 ------------
 arch/arm/mach-aspeed/ast2600/spl_boot.c | 17 +++++++----------
 2 files changed, 7 insertions(+), 22 deletions(-)

diff --git a/arch/arm/mach-aspeed/ast2600/Kconfig b/arch/arm/mach-aspeed/ast2600/Kconfig
index 518f41b558d3..dd991e87c795 100644
--- a/arch/arm/mach-aspeed/ast2600/Kconfig
+++ b/arch/arm/mach-aspeed/ast2600/Kconfig
@@ -53,18 +53,6 @@ config TARGET_SLT_AST2600
 
 endchoice
 
-config ASPEED_SECBOOT_BL2
-	bool "ASPEED secure boot BL2 support"
-	depends on ASPEED_AST2600
-	help
-	  Enable ASPEED's "secboot" secure boot support for verifying
-	  the SPL's playload ("BL2").
-
-	  Enable this is if you're using secure boot support in the AST2600 (or similar)
-	  to verify your u-boot proper.
-
-	  Disable this is if you are using u-boot's vboot to verify u-boot.
-
 source "board/aspeed/evb_ast2600a0/Kconfig"
 source "board/aspeed/evb_ast2600a1/Kconfig"
 source "board/aspeed/ncsi_ast2600a0/Kconfig"
diff --git a/arch/arm/mach-aspeed/ast2600/spl_boot.c b/arch/arm/mach-aspeed/ast2600/spl_boot.c
index 06800940109e..517f3a767c82 100644
--- a/arch/arm/mach-aspeed/ast2600/spl_boot.c
+++ b/arch/arm/mach-aspeed/ast2600/spl_boot.c
@@ -23,7 +23,7 @@ static int aspeed_spl_ram_load_image(struct spl_image_info *spl_image,
 }
 SPL_LOAD_IMAGE_METHOD("RAM", 0, ASPEED_BOOT_DEVICE_RAM, aspeed_spl_ram_load_image);
 
-#if IS_ENABLED(ASPEED_SECBOOT_BL2)
+#if IS_ENABLED(CONFIG_ASPEED_SECURE_BOOT)
 static int aspeed_secboot_spl_ram_load_image(struct spl_image_info *spl_image,
 				      struct spl_boot_device *bootdev)
 {
@@ -42,9 +42,8 @@ static int aspeed_secboot_spl_ram_load_image(struct spl_image_info *spl_image,
 	return 0;
 }
 SPL_LOAD_IMAGE_METHOD("RAM with Aspeed Secure Boot", 0, ASPEED_SECBOOT_DEVICE_RAM, aspeed_secboot_spl_ram_load_image);
-#endif /* ASPEED_SECBOOT_BL2 */
+#endif /* IS_ENABLED(CONFIG_ASPEED_SECURE_BOOT) */
 
-#if IS_ENABLED(CONFIG_SPL_MMC_SUPPORT)
 static int aspeed_spl_mmc_load_image(struct spl_image_info *spl_image,
 				      struct spl_boot_device *bootdev)
 {
@@ -104,7 +103,7 @@ static int aspeed_spl_mmc_load_image(struct spl_image_info *spl_image,
 }
 SPL_LOAD_IMAGE_METHOD("MMC", 0, ASPEED_BOOT_DEVICE_MMC, aspeed_spl_mmc_load_image);
 
-#if IS_ENABLED(ASPEED_SECBOOT_BL2)
+#if IS_ENABLED(CONFIG_ASPEED_SECURE_BOOT)
 static int aspeed_secboot_spl_mmc_load_image(struct spl_image_info *spl_image,
 				      struct spl_boot_device *bootdev)
 {
@@ -165,8 +164,7 @@ static int aspeed_secboot_spl_mmc_load_image(struct spl_image_info *spl_image,
 	return 0;
 }
 SPL_LOAD_IMAGE_METHOD("MMC with Aspeed Secure Boot", 0, ASPEED_SECBOOT_DEVICE_MMC, aspeed_secboot_spl_mmc_load_image);
-#endif /* ASPEED_SECBOOT_BL2 */
-#endif
+#endif /* IS_ENABLED(CONFIG_ASPEED_SECURE_BOOT) */
 
 #if IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT)
 static int getcymodem(void)
@@ -211,8 +209,7 @@ end_stream:
 }
 SPL_LOAD_IMAGE_METHOD("UART", 0, ASPEED_BOOT_DEVICE_UART, aspeed_spl_ymodem_load_image);
 
-
-#if IS_ENABLED(ASPEED_SECBOOT_BL2)
+#if IS_ENABLED(CONFIG_ASPEED_SECURE_BOOT)
 static int aspeed_secboot_spl_ymodem_load_image(struct spl_image_info *spl_image,
 		struct spl_boot_device *bootdev)
 {
@@ -254,5 +251,5 @@ end_stream:
 	return ret;
 }
 SPL_LOAD_IMAGE_METHOD("UART with Aspeed Secure Boot", 0, ASPEED_SECBOOT_DEVICE_UART, aspeed_secboot_spl_ymodem_load_image);
-#endif /* ASPEED_SECBOOT_BL2 */
-#endif
+#endif /* IS_ENABLED(CONFIG_ASPEED_SECURE_BOOT) */
+#endif /* IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) */
-- 
2.30.2

[PATCH u-boot v2019.04-aspeed-openbmc v2 06/10] ast2600: spl: Add ASPEED_LOADERS option

[Joel Stanley]

This places the ASPEED loaders behind configuration option that can be
disabled to instead use the common code. This option is enabled by
default so existing configurations do not need to change.

Signed-off-by: Joel Stanley <joel@jms.id.au>
---
 arch/arm/mach-aspeed/Kconfig          | 15 +++++++++++++++
 arch/arm/mach-aspeed/ast2600/Makefile |  6 ++++--
 arch/arm/mach-aspeed/ast2600/spl.c    |  2 ++
 3 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/arch/arm/mach-aspeed/Kconfig b/arch/arm/mach-aspeed/Kconfig
index 44d392a70610..bccb63a99e54 100644
--- a/arch/arm/mach-aspeed/Kconfig
+++ b/arch/arm/mach-aspeed/Kconfig
@@ -54,6 +54,19 @@ config ASPEED_PALLADIUM
 	  This is mainly for internal verification and investigation
 	  on HW design. If not sure, say N.
 
+config ASPEED_LOADERS
+       bool "ASPEED custom loaders"
+       depends on SPL
+       default y
+       help
+        Enable the custom payload loading methods used by ASPEED. This is requited to
+        use ASPEED's proprietary secure boot feature.
+
+        Disable this is if you are using u-boot's common loader functionally
+        to eg. load u-boot as a FIT and use vboot.
+
+if ASPEED_LOADERS
+
 config ASPEED_SECURE_BOOT
 	bool "Support Aspeed secure boot feature"
 	depends on SPL && ASPEED_AST2600
@@ -154,6 +167,8 @@ config ASPEED_KERNEL_FIT_DRAM_BASE
 	  The DRAM address where the Kernel FIT image
 	  will be loaded if XIP is not supported
 
+endif
+
 source "arch/arm/mach-aspeed/ast2400/Kconfig"
 source "arch/arm/mach-aspeed/ast2500/Kconfig"
 source "arch/arm/mach-aspeed/ast2600/Kconfig"
diff --git a/arch/arm/mach-aspeed/ast2600/Makefile b/arch/arm/mach-aspeed/ast2600/Makefile
index 0abac4c233e4..d07e8c737cfe 100644
--- a/arch/arm/mach-aspeed/ast2600/Makefile
+++ b/arch/arm/mach-aspeed/ast2600/Makefile
@@ -1,2 +1,4 @@
-obj-y   += platform.o board_common.o scu_info.o utils.o cache.o crypto.o aspeed_verify.o
-obj-$(CONFIG_SPL_BUILD) += spl.o spl_boot.o
+obj-y   += platform.o board_common.o scu_info.o utils.o cache.o
+obj-$(CONFIG_ASPEED_SECURE_BOOT) += crypto.o aspeed_verify.o
+obj-$(CONFIG_ASPEED_LOADERS) += spl_boot.o
+obj-$(CONFIG_SPL_BUILD) += spl.o
diff --git a/arch/arm/mach-aspeed/ast2600/spl.c b/arch/arm/mach-aspeed/ast2600/spl.c
index e1eef121d5c6..40eabca683c2 100644
--- a/arch/arm/mach-aspeed/ast2600/spl.c
+++ b/arch/arm/mach-aspeed/ast2600/spl.c
@@ -47,6 +47,7 @@ void spl_board_init(void)
 
 u32 spl_boot_device(void)
 {
+#if IS_ENABLED(CONFIG_ASPEED_LOADERS)
 	switch (aspeed_bootmode()) {
 	case AST_BOOTMODE_EMMC:
 		return (IS_ENABLED(CONFIG_ASPEED_SECURE_BOOT))?
@@ -60,6 +61,7 @@ u32 spl_boot_device(void)
 	default:
 		break;
 	}
+#endif
 
 	return BOOT_DEVICE_NONE;
 }
-- 
2.30.2

[PATCH u-boot v2019.04-aspeed-openbmc v2 07/10] ast2600: spl: Support common boot loader features

[Joel Stanley]

Enable the common SPL code for loading boot images from various devices
that the system can be configured to use. These loaders are used when
not using the custom ASPEED loaders.

The system will try to boot from the strapped device, but fall back to
the UART.

Signed-off-by: Joel Stanley <joel@jms.id.au>
---
 arch/arm/mach-aspeed/ast2600/spl.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/arch/arm/mach-aspeed/ast2600/spl.c b/arch/arm/mach-aspeed/ast2600/spl.c
index 40eabca683c2..778b326755ba 100644
--- a/arch/arm/mach-aspeed/ast2600/spl.c
+++ b/arch/arm/mach-aspeed/ast2600/spl.c
@@ -61,11 +61,26 @@ u32 spl_boot_device(void)
 	default:
 		break;
 	}
+#else
+	switch (aspeed_bootmode()) {
+	case AST_BOOTMODE_EMMC:
+		return BOOT_DEVICE_MMC1;
+	case AST_BOOTMODE_SPI:
+		return BOOT_DEVICE_SPI;
+	case AST_BOOTMODE_UART:
+		return BOOT_DEVICE_UART;
+	}
 #endif
 
 	return BOOT_DEVICE_NONE;
 }
 
+void board_boot_order(u32 *spl_boot_list)
+{
+	spl_boot_list[0] = spl_boot_device();
+	spl_boot_list[1] = ASPEED_BOOT_DEVICE_UART;
+}
+
 #ifdef CONFIG_SPL_OS_BOOT
 int spl_start_uboot(void)
 {
-- 
2.30.2

[PATCH u-boot v2019.04-aspeed-openbmc v2 08/10] config: ast2600: Configure common MMC SPL loader

[Joel Stanley]

The SPL will load u-boot proper from sector 0x80 (128), which is 64KB
into the device.

The link address changes as this is used as the load address by the
loader. Given the Aspeed loaders are linking u-boot at 0x10000 but
running it from RAM, the u-boot relocation code must be fine with this
setup.

The custom Aspeed loaders are disabled, and so the related configuration
options are removed from the defconfig.

Signed-off-by: Joel Stanley <joel@jms.id.au>
---
 configs/ast2600_openbmc_spl_emmc_defconfig | 17 ++++-------------
 1 file changed, 4 insertions(+), 13 deletions(-)

diff --git a/configs/ast2600_openbmc_spl_emmc_defconfig b/configs/ast2600_openbmc_spl_emmc_defconfig
index ed0233379fe9..b9190c70baa5 100644
--- a/configs/ast2600_openbmc_spl_emmc_defconfig
+++ b/configs/ast2600_openbmc_spl_emmc_defconfig
@@ -7,20 +7,9 @@ CONFIG_SYS_THUMB_BUILD=y
 # CONFIG_SPL_USE_ARCH_MEMSET is not set
 CONFIG_SPL_LDSCRIPT="arch/$(ARCH)/mach-aspeed/ast2600/u-boot-spl.lds"
 CONFIG_ARCH_ASPEED=y
-CONFIG_SYS_TEXT_BASE=0x10000
+CONFIG_SYS_TEXT_BASE=0x81000000
 CONFIG_ASPEED_AST2600=y
-CONFIG_ASPEED_UBOOT_SPI_BASE=0x10000
-CONFIG_ASPEED_UBOOT_SPI_SIZE=0xd0000
-CONFIG_ASPEED_UBOOT_MMC_BASE=0x80
-CONFIG_ASPEED_UBOOT_MMC_PART=1
-CONFIG_ASPEED_UBOOT_MMC_SIZE=0x680
-CONFIG_ASPEED_UBOOT_UART_SIZE=0xe0000
-CONFIG_ASPEED_UBOOT_DRAM_BASE=0x81000000
-CONFIG_ASPEED_KERNEL_FIT_SPI_BASE=0x20100000
-CONFIG_ASPEED_KERNEL_FIT_SPI_SIZE=0x1000000
-CONFIG_ASPEED_KERNEL_FIT_MMC_BASE=0x800
-CONFIG_ASPEED_KERNEL_FIT_MMC_SIZE=0x8000
-CONFIG_ASPEED_KERNEL_FIT_DRAM_BASE=0x83000000
+# CONFIG_ASPEED_LOADERS is not set
 CONFIG_TARGET_EVB_AST2600A1=y
 CONFIG_SPL_LIBCOMMON_SUPPORT=y
 CONFIG_SPL_LIBGENERIC_SUPPORT=y
@@ -53,6 +42,8 @@ CONFIG_SPL_BOARD_INIT=y
 CONFIG_SPL_SYS_MALLOC_SIMPLE=y
 CONFIG_SPL_STACK_R=y
 CONFIG_SPL_SEPARATE_BSS=y
+CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
+CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x80
 CONFIG_SPL_FIT_IMAGE_TINY=y
 CONFIG_SPL_DM_RESET=y
 CONFIG_SPL_RAM_SUPPORT=y
-- 
2.30.2

[PATCH u-boot v2019.04-aspeed-openbmc v2 09/10] configs: ast2600: Enable FIT SHA512 support

[Joel Stanley]

OpenBMC systems intend to use SHA512 in the FIT images.

Signed-off-by: Joel Stanley <joel@jms.id.au>
---
 configs/ast2600_openbmc_spl_emmc_defconfig | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/configs/ast2600_openbmc_spl_emmc_defconfig b/configs/ast2600_openbmc_spl_emmc_defconfig
index b9190c70baa5..195c03d274f9 100644
--- a/configs/ast2600_openbmc_spl_emmc_defconfig
+++ b/configs/ast2600_openbmc_spl_emmc_defconfig
@@ -26,6 +26,7 @@ CONFIG_ARMV7_BOOT_SEC_DEFAULT=y
 CONFIG_ARMV7_PSCI_NR_CPUS=2
 CONFIG_NR_DRAM_BANKS=1
 CONFIG_FIT=y
+CONFIG_FIT_ENABLE_SHA512_SUPPORT=y
 CONFIG_FIT_SIGNATURE=y
 CONFIG_SPL_FIT_SIGNATURE=y
 CONFIG_SPL_LOAD_FIT=y
@@ -44,6 +45,7 @@ CONFIG_SPL_STACK_R=y
 CONFIG_SPL_SEPARATE_BSS=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x80
+CONFIG_SPL_SHA512_SUPPORT=y
 CONFIG_SPL_FIT_IMAGE_TINY=y
 CONFIG_SPL_DM_RESET=y
 CONFIG_SPL_RAM_SUPPORT=y
-- 
2.30.2

[PATCH u-boot v2019.04-aspeed-openbmc v2 10/10] config: ast2600: Disable SPL raw image support

[Joel Stanley]

The only way to load u-boot will be as part FIT, so secure boot cannot
be bypassed.

Signed-off-by: Joel Stanley <joel@jms.id.au>
---
 configs/ast2600_openbmc_spl_emmc_defconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/configs/ast2600_openbmc_spl_emmc_defconfig b/configs/ast2600_openbmc_spl_emmc_defconfig
index 195c03d274f9..f72c77cd7541 100644
--- a/configs/ast2600_openbmc_spl_emmc_defconfig
+++ b/configs/ast2600_openbmc_spl_emmc_defconfig
@@ -39,6 +39,7 @@ CONFIG_DISPLAY_BOARDINFO_LATE=y
 CONFIG_ARCH_EARLY_INIT_R=y
 CONFIG_BOARD_EARLY_INIT_F=y
 CONFIG_SPL_BOARD_INIT=y
+# CONFIG_SPL_RAW_IMAGE_SUPPORT is not set
 # CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set
 CONFIG_SPL_SYS_MALLOC_SIMPLE=y
 CONFIG_SPL_STACK_R=y
-- 
2.30.2

Re: [PATCH u-boot v2019.04-aspeed-openbmc v2 01/10] configs/ast2600: Make early malloc pool larger

[Cédric Le Goater]

Hello,

On 4/20/21 8:46 AM, Joel Stanley wrote:
> The size of the early (pre-DRAM) SRAM heap in u-boot proper is extended
> to 8KB.
> 
> Testing found that the DRAM driver would perform an allocation that
> exceeded the limits, due to the probing of the HACE driver increasing
> memory presssure. As SRAM is unused when u-boot proper is running, it
> can all be allocated.
> 
> (In theory the entire 88KB of SRAM is free, but testing showed more than
> 60KB would break booting. Finding out why is TODO).

Could it be a HW problem ? 


C. 

> 
> The SPL early heap is fixed to 0x800, the default before this change.
> Testing shows that:
> 
>   SPL malloc() before relocation used 0x794 bytes (1 KB)
> 
> So 2KB should be enough.
> 
> Signed-off-by: Joel Stanley <joel@jms.id.au>
> ---
>  configs/ast2600_openbmc_spl_emmc_defconfig | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/configs/ast2600_openbmc_spl_emmc_defconfig b/configs/ast2600_openbmc_spl_emmc_defconfig
> index 6daf6343478b..5a4d66da1cea 100644
> --- a/configs/ast2600_openbmc_spl_emmc_defconfig
> +++ b/configs/ast2600_openbmc_spl_emmc_defconfig
> @@ -24,12 +24,13 @@ CONFIG_ASPEED_KERNEL_FIT_DRAM_BASE=0x83000000
>  CONFIG_TARGET_EVB_AST2600A1=y
>  CONFIG_SPL_LIBCOMMON_SUPPORT=y
>  CONFIG_SPL_LIBGENERIC_SUPPORT=y
> -CONFIG_SYS_MALLOC_F_LEN=0x800
> +CONFIG_SYS_MALLOC_F_LEN=0x2000
>  CONFIG_SPL_MMC_SUPPORT=y
>  CONFIG_SPL_SERIAL_SUPPORT=y
>  CONFIG_SPL_DRIVERS_MISC_SUPPORT=y
>  CONFIG_ENV_SIZE=0x10000
>  CONFIG_ENV_OFFSET=0x5000
> +CONFIG_SPL_SYS_MALLOC_F_LEN=0x800
>  CONFIG_SPL=y
>  CONFIG_SPL_STACK_R_ADDR=0x90300000
>  CONFIG_ARMV7_BOOT_SEC_DEFAULT=y
> 

Re: [PATCH u-boot v2019.04-aspeed-openbmc v2 01/10] configs/ast2600: Make early malloc pool larger

[Joel Stanley]

On Tue, 20 Apr 2021 at 08:53, Cédric Le Goater <clg@kaod.org> wrote:
>
> Hello,
>
> On 4/20/21 8:46 AM, Joel Stanley wrote:
> > The size of the early (pre-DRAM) SRAM heap in u-boot proper is extended
> > to 8KB.
> >
> > Testing found that the DRAM driver would perform an allocation that
> > exceeded the limits, due to the probing of the HACE driver increasing
> > memory presssure. As SRAM is unused when u-boot proper is running, it
> > can all be allocated.
> >
> > (In theory the entire 88KB of SRAM is free, but testing showed more than
> > 60KB would break booting. Finding out why is TODO).
>
> Could it be a HW problem ?

This was testing in Qemu, so probably not. We model the full 88KB in Qemu.

Re: [PATCH u-boot v2019.04-aspeed-openbmc v2 00/10] Use HACE to accelerate sha512

[Joel Stanley]

On Tue, 20 Apr 2021 at 20:16, Sandhya Koteshwara
<Sandhya.Koteshwara@ibm.com> wrote:
>
> Hi Joel,
>
> I am looking at the patches and confused by this: This is only applicable for MMC booting, as the HACE cannot be used to hash directly from the memory mapped SPI NOR.
>
> From my understanding, when secure boot is enabled in AST2600, the secure boot microprocessor & ROM code copy the RoT image (either from SPI or eMMC) to SRAM before integrity check is performed. Subsequent CoT images are copied to DRAM before integrity check. Why is the same process not applicable here and why is there a need to hash directly from SPI?

Your understanding is correct, for Aspeed's secure boot solution.
However we are not using that in this case (except for the initial
image; the SPL). Once we have the SPL loaded we instead use the
verification features in u-boot. This means we use the generic FIT
loader code in common/.

If someone has a use case where they want to use the u-boot boot
infrastructure to boot from NOR, then they could submit patches to
modify the infrastructure to first copy the FIT to DRAM, and then
perform verification.

Cheers,

Joel

>
> Thanks,
> Sandhya
>
>
> ----- Original message -----
> From: Joel Stanley <joel@jms.id.au>
> Sent by: "openbmc" <openbmc-bounces+sandhya.koteshwara=ibm.com@lists.ozlabs.org>
> To: openbmc@lists.ozlabs.org, Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>, Andrew Jeffery <andrew@aj.id.au>
> Cc: "Cédric Le Goater" <clg@kaod.org>
> Subject: [EXTERNAL] [PATCH u-boot v2019.04-aspeed-openbmc v2 00/10] Use HACE to accelerate sha512
> Date: Tue, Apr 20, 2021 2:47 AM
>
> This series adds support to u-boot to using the HACE hardware in the
> AST2600 to perform SHA hashing during boot, and enable the SPL features
> to load u-boot as a signed FIT.
>
> This is only applicable for MMC booting, as the HACE cannot be used to
> hash directly from the memory mapped SPI NOR.
>
> These have been tested with Cédric's aspeed-6.0 Qemu tree. You can
> reproduce using the script in this repository:
>
>  https://github.com/shenki/qemu-boot-test
>
> Joel Stanley (10):
>   configs/ast2600: Make early malloc pool larger
>   crypto: Add driver for Aspeed HACE
>   ast2600: Enable HACE probing in SPL
>   ast2600: Add HACE to device tree
>   ast2600: spl: Remove SECBOOT BL2 kconfig option
>   ast2600: spl: Add ASPEED_LOADERS option
>   ast2600: spl: Support common boot loader features
>   config: ast2600: Configure common MMC SPL loader
>   configs: ast2600: Enable FIT SHA512 support
>   config: ast2600: Disable SPL raw image support
>
>  arch/arm/dts/ast2600-rainier.dts           |   5 +
>  arch/arm/dts/ast2600-tacoma.dts            |   5 +
>  arch/arm/dts/ast2600.dtsi                  |   9 +
>  arch/arm/dts/ast2600a1-evb.dts             |   4 +
>  arch/arm/mach-aspeed/Kconfig               |  15 ++
>  arch/arm/mach-aspeed/ast2600/Kconfig       |  12 -
>  arch/arm/mach-aspeed/ast2600/Makefile      |   6 +-
>  arch/arm/mach-aspeed/ast2600/spl.c         |  30 +++
>  arch/arm/mach-aspeed/ast2600/spl_boot.c    |  17 +-
>  configs/ast2600_openbmc_spl_emmc_defconfig |  24 +-
>  drivers/crypto/Kconfig                     |  19 ++
>  drivers/crypto/Makefile                    |   1 +
>  drivers/crypto/aspeed_hace.c               | 266 +++++++++++++++++++++
>  13 files changed, 375 insertions(+), 38 deletions(-)
>  create mode 100644 drivers/crypto/aspeed_hace.c
>
> --
> 2.30.2
>
>
>
>

Re: [PATCH u-boot v2019.04-aspeed-openbmc v2 00/10] Use HACE to accelerate sha512

[Klaus Heinrich Kiwi]

On 4/20/2021 3:46 AM, Joel Stanley wrote:
> Joel Stanley (10):
>    configs/ast2600: Make early malloc pool larger
>    crypto: Add driver for Aspeed HACE
>    ast2600: Enable HACE probing in SPL
>    ast2600: Add HACE to device tree
>    ast2600: spl: Remove SECBOOT BL2 kconfig option
>    ast2600: spl: Add ASPEED_LOADERS option
>    ast2600: spl: Support common boot loader features
>    config: ast2600: Configure common MMC SPL loader
>    configs: ast2600: Enable FIT SHA512 support
>    config: ast2600: Disable SPL raw image support

Looks like you forgot to include 'clk: aspeed: Add HACE yclk to ast2600'

It fails pretty instantly even in Qemu without it.


Additionally, looks like the spl binary size grew significantly to 59696
bytes (around 10KB larger than before). The final SPL size when added to
the Device-tree blob with the 4096bits public key is 65058 bytes, which
is just a tad over the maximum limit we have of 65024 bytes.

  -Klaus

-- 
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>

Re: [PATCH u-boot v2019.04-aspeed-openbmc v2 00/10] Use HACE to accelerate sha512

[Joel Stanley]

On Thu, 22 Apr 2021 at 20:46, Klaus Heinrich Kiwi
<klaus@linux.vnet.ibm.com> wrote:
>
>
>
> On 4/20/2021 3:46 AM, Joel Stanley wrote:
> > Joel Stanley (10):
> >    configs/ast2600: Make early malloc pool larger
> >    crypto: Add driver for Aspeed HACE
> >    ast2600: Enable HACE probing in SPL
> >    ast2600: Add HACE to device tree
> >    ast2600: spl: Remove SECBOOT BL2 kconfig option
> >    ast2600: spl: Add ASPEED_LOADERS option
> >    ast2600: spl: Support common boot loader features
> >    config: ast2600: Configure common MMC SPL loader
> >    configs: ast2600: Enable FIT SHA512 support
> >    config: ast2600: Disable SPL raw image support
>
> Looks like you forgot to include 'clk: aspeed: Add HACE yclk to ast2600'

That patch was already applied to the u-boot tree.

I've since applied this series to the top of v2019.04-aspeed-openbmc.

> It fails pretty instantly even in Qemu without it.
>
>
> Additionally, looks like the spl binary size grew significantly to 59696
> bytes (around 10KB larger than before). The final SPL size when added to
> the Device-tree blob with the 4096bits public key is 65058 bytes, which
> is just a tad over the maximum limit we have of 65024 bytes.

That's a surprise. Were you able to work out where the size increase came from?

Here's the size I see with HEAD:

44a8c618c1215e0faac0f335f0afd56ed4240e76 49986

I'm using arm-linux-gnueabi-gcc (Debian 10.2.1-6) 10.2.1 20210110.

Cheers,

Joel

Re: [PATCH u-boot v2019.04-aspeed-openbmc v2 00/10] Use HACE to accelerate sha512

[Klaus Heinrich Kiwi]

>>
>> Looks like you forgot to include 'clk: aspeed: Add HACE yclk to ast2600'
> 
> That patch was already applied to the u-boot tree.
> 
> I've since applied this series to the top of v2019.04-aspeed-openbmc.

Yeah I missed that you merged some of the patches

  
>> It fails pretty instantly even in Qemu without it.
>>
>>
>> Additionally, looks like the spl binary size grew significantly to 59696
>> bytes (around 10KB larger than before). The final SPL size when added to
>> the Device-tree blob with the 4096bits public key is 65058 bytes, which
>> is just a tad over the maximum limit we have of 65024 bytes.
> 
> That's a surprise. Were you able to work out where the size increase came from?
> 
> Here's the size I see with HEAD:
> 
> 44a8c618c1215e0faac0f335f0afd56ed4240e76 49986
> 
> I'm using arm-linux-gnueabi-gcc (Debian 10.2.1-6) 10.2.1 20210110.


Looks like I was also missing some of the patches #ifdef'ing out the
sha512/sha256 implementations when hw sha was available.

I was able to test the tree '44a8c618c1 configs: ast2600: Use non-a1 config for openbmc spl emmc'
both on Qemu and hardware and it works fine, thanks!


-Klaus

-- 
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>